Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.

How to read the report | Suppressing false positives | Getting Help: google group | github issues

Project: National Bank

Scan Information (show all):

Display: Showing Vulnerable Dependencies (click to show all)

Dependency CPE GAV Highest Severity CVE Count CPE Confidence Evidence Count
antlr-2.7.7.jar antlr:antlr:2.7.7   0 12
aopalliance-1.0.jar aopalliance:aopalliance:1.0   0 13
asm-analysis-3.2.jar asm:asm-analysis:3.2   0 13
asm-commons-3.3.1.jar asm:asm-commons:3.3.1   0 13
asm-tree-3.3.1.jar asm:asm-tree:3.3.1   0 13
asm-util-3.2.jar asm:asm-util:3.2   0 13
asm-3.3.1.jar asm:asm:3.3.1   0 13
avalon-framework-4.1.3.jar avalon-framework:avalon-framework:4.1.3   0 12
backport-util-concurrent-3.1.jar backport-util-concurrent:backport-util-concurrent:3.1   0 16
logback-core-1.1.11.jar cpe:/a:logback:logback:1.1.11 ch.qos.logback:logback-core:1.1.11   0 LOW 18
classworlds-1.1.jar classworlds:classworlds:1.1   0 17
classmate-1.3.3.jar com.fasterxml:classmate:1.3.3   0 26
jackson-annotations-2.8.0.jar cpe:/a:fasterxml:jackson:2.8.0 com.fasterxml.jackson.core:jackson-annotations:2.8.0 Medium 1 LOW 25
jackson-core-2.8.8.jar cpe:/a:fasterxml:jackson:2.8.8 com.fasterxml.jackson.core:jackson-core:2.8.8 Medium 1 LOW 25
jsr305-2.0.1.jar com.google.code.findbugs:jsr305:1.3.7   0 18
google-collections-1.0.jar com.google.collections:google-collections:1.0   0 17
guava-18.0.jar com.google.guava:guava:18.0   0 16
json-path-2.2.0.jar com.jayway.jsonpath:json-path:2.2.0   0 16
istack-commons-runtime-2.16.jar com.sun.istack:istack-commons-runtime:2.16   0 21
jaxb-core-2.2.7.jar com.sun.xml.bind:jaxb-core:2.2.7   0 25
jaxb-impl-2.2.7.jar com.sun.xml.bind:jaxb-impl:2.2.7   0 21
jaxb-jxc-2.2.7.jar com.sun.xml.bind:jaxb-jxc:2.2.7   0 21
jaxb-xjc-2.2.7.jar com.sun.xml.bind:jaxb-xjc:2.2.7   0 23
FastInfoset-1.2.12.jar com.sun.xml.fastinfoset:FastInfoset:1.2.12   0 20
android-json-0.0.20131108.vaadin1.jar cpe:/a:google:android:0.0.201311 com.vaadin.external.google:android-json:0.0.20131108.vaadin1 High 5 LOW 16
commons-cli-1.0.jar commons-cli:commons-cli:1.0   0 13
commons-cli-1.2.jar commons-cli:commons-cli:1.2   0 23
commons-codec-1.10.jar commons-codec:commons-codec:1.10   0 25
commons-httpclient-3.1.jar cpe:/a:apache:commons-httpclient:3.1
cpe:/a:apache:httpclient:3.1
commons-httpclient:commons-httpclient:3.1 Medium 3 LOW 15
commons-io-1.3.2.jar commons-io:commons-io:1.3.2   0 20
commons-io-2.4.jar commons-io:commons-io:2.4   0 24
commons-logging-api-1.1.jar commons-logging:commons-logging-api:1.1   0 19
commons-logging-1.0.4.jar commons-logging:commons-logging:1.0.4   0 16
commons-logging-1.1.1.jar commons-logging:commons-logging:1.1.1   0 20
commons-logging-1.1.jar commons-logging:commons-logging:1.1   0 19
commons-logging-1.2.jar commons-logging:commons-logging:1.2   0 24
dom4j-1.6.1.jar dom4j:dom4j:1.6.1   0 18
javax.annotation-api-1.2.jar javax.annotation:javax.annotation-api:1.2   0 23
jsr250-api-1.0.jar javax.annotation:jsr250-api:1.0   0 13
cdi-api-1.0.jar javax.enterprise:cdi-api:1.0   0 18
javax.inject-1.jar javax.inject:javax.inject:1   0 13
servlet-api-2.3.jar javax.servlet:servlet-api:2.3   0 12
javax.transaction-api-1.2.jar javax.transaction:javax.transaction-api:1.2   0 23
validation-api-1.1.0.Final.jar javax.validation:validation-api:1.1.0.Final   0 14
javax.ws.rs-api-2.0.1.jar javax.ws.rs:javax.ws.rs-api:2.0.1   0 21
jaxb-api-2.2.7.jar javax.xml.bind:jaxb-api:2.2.7   0 17
stax-api-1.0-2.jar javax.xml.stream:stax-api:1.0-2   0 13
junit-3.8.1.jar junit:junit:3.8.1   0 13
junit-3.8.2.jar junit:junit:3.8.2   0 13
junit-4.12.jar junit:junit:4.12   0 16
log4j-1.2.12.jar cpe:/a:apache:log4j:1.2.12 log4j:log4j:1.2.12   0 LOW 10
log4j-1.2.17.jar cpe:/a:apache:log4j:1.2.17 log4j:log4j:1.2.17   0 LOW 18
logkit-1.0.1.jar logkit:logkit:1.0.1   0 11
mysql-connector-java-5.1.41.jar cpe:/a:mysql:mysql:5.1.41 mysql:mysql-connector-java:5.1.41 High 98 HIGHEST 21
mysql-connector-java-5.1.42.jar cpe:/a:mysql:mysql:5.1.42 mysql:mysql-connector-java:5.1.42 High 98 HIGHEST 21
accessors-smart-1.1.jar net.minidev:accessors-smart:1.1   0 15
json-smart-2.2.1.jar net.minidev:json-smart:2.2.1   0 17
commons-compress-1.9.jar cpe:/a:apache:commons-compress:1.9 org.apache.commons:commons-compress:1.9   0 LOW 25
commons-lang3-3.1.jar org.apache.commons:commons-lang3:3.1   0 24
cxf-core-3.1.11.jar cpe:/a:apache:cxf:3.1.11 org.apache.cxf:cxf-core:3.1.11 Medium 1 LOW 22
httpclient-4.5.3.jar cpe:/a:apache:httpclient:4.5.3 org.apache.httpcomponents:httpclient:4.5.3   0 LOW 21
httpcore-4.4.6.jar org.apache.httpcomponents:httpcore:4.4.6   0 22
httpmime-4.5.3.jar cpe:/a:apache:httpclient:4.5.3 org.apache.httpcomponents:httpmime:4.5.3   0 LOW 21
maven-archetype-quickstart-1.1.jar org.apache.maven.archetypes:maven-archetype-quickstart:1.1   0 10
doxia-logging-api-1.1.jar org.apache.maven.doxia:doxia-logging-api:1.1   0 18
doxia-sink-api-1.0-alpha-7.jar org.apache.maven.doxia:doxia-sink-api:1.0-alpha-7   0 14
doxia-sink-api-1.1.jar org.apache.maven.doxia:doxia-sink-api:1.1   0 18
maven-aether-provider-3.2.1.jar org.apache.maven:maven-aether-provider:3.2.1   0 18
maven-archiver-2.6.jar org.apache.maven:maven-archiver:2.6   0 18
maven-artifact-manager-2.0.6.jar org.apache.maven:maven-artifact-manager:2.0.6   0 14
maven-artifact-manager-2.0.8.jar org.apache.maven:maven-artifact-manager:2.0.8   0 17
maven-artifact-manager-2.0.9.jar org.apache.maven:maven-artifact-manager:2.0.9   0 17
maven-artifact-manager-2.2.1.jar org.apache.maven:maven-artifact-manager:2.2.1   0 17
maven-artifact-2.0.6.jar org.apache.maven:maven-artifact:2.0.6   0 14
maven-artifact-2.0.9.jar org.apache.maven:maven-artifact:2.0.9   0 17
maven-artifact-2.2.1.jar org.apache.maven:maven-artifact:2.2.1   0 17
maven-artifact-3.1.1.jar org.apache.maven:maven-artifact:3.1.1   0 17
maven-compat-3.0.jar org.apache.maven:maven-compat:3.0   0 17
maven-core-2.0.6.jar cpe:/a:apache:maven:2.0.6 org.apache.maven:maven-core:2.0.6   0 LOW 13
maven-core-2.0.9.jar cpe:/a:apache:maven:2.0.9 org.apache.maven:maven-core:2.0.9   0 LOW 17
maven-core-2.2.1.jar cpe:/a:apache:maven:2.2.1 org.apache.maven:maven-core:2.2.1   0 LOW 17
maven-core-3.1.1.jar cpe:/a:apache:maven:3.1.1 org.apache.maven:maven-core:3.1.1   0 LOW 18
maven-error-diagnostics-2.0.6.jar org.apache.maven:maven-error-diagnostics:2.0.6   0 16
maven-error-diagnostics-2.0.9.jar org.apache.maven:maven-error-diagnostics:2.0.9   0 18
maven-error-diagnostics-2.2.1.jar org.apache.maven:maven-error-diagnostics:2.2.1   0 18
maven-model-builder-3.1.1.jar org.apache.maven:maven-model-builder:3.1.1   0 18
maven-model-2.0.6.jar org.apache.maven:maven-model:2.0.6   0 15
maven-model-2.0.9.jar org.apache.maven:maven-model:2.0.9   0 18
maven-model-2.2.1.jar org.apache.maven:maven-model:2.2.1   0 18
maven-model-3.1.1.jar org.apache.maven:maven-model:3.1.1   0 18
maven-monitor-2.0.6.jar org.apache.maven:maven-monitor:2.0.6   0 15
maven-monitor-2.0.9.jar org.apache.maven:maven-monitor:2.0.9   0 17
maven-monitor-2.2.1.jar org.apache.maven:maven-monitor:2.2.1   0 17
maven-plugin-api-2.0.1.jar org.apache.maven:maven-plugin-api:2.0.1   0 17
maven-plugin-api-2.0.6.jar org.apache.maven:maven-plugin-api:2.0.6   0 14
maven-plugin-api-2.0.9.jar org.apache.maven:maven-plugin-api:2.0.9   0 17
maven-plugin-api-3.1.1.jar org.apache.maven:maven-plugin-api:3.1.1   0 18
maven-plugin-descriptor-2.0.6.jar org.apache.maven:maven-plugin-descriptor:2.0.6   0 15
maven-plugin-descriptor-2.0.9.jar org.apache.maven:maven-plugin-descriptor:2.0.9   0 17
maven-plugin-descriptor-2.2.1.jar org.apache.maven:maven-plugin-descriptor:2.2.1   0 17
maven-plugin-parameter-documenter-2.0.6.jar org.apache.maven:maven-plugin-parameter-documenter:2.0.6   0 15
maven-plugin-parameter-documenter-2.0.9.jar org.apache.maven:maven-plugin-parameter-documenter:2.0.9   0 17
maven-plugin-parameter-documenter-2.2.1.jar org.apache.maven:maven-plugin-parameter-documenter:2.2.1   0 17
maven-plugin-registry-2.0.6.jar org.apache.maven:maven-plugin-registry:2.0.6   0 15
maven-plugin-registry-2.0.8.jar org.apache.maven:maven-plugin-registry:2.0.8   0 17
maven-plugin-registry-2.0.9.jar org.apache.maven:maven-plugin-registry:2.0.9   0 17
maven-plugin-registry-2.2.1.jar org.apache.maven:maven-plugin-registry:2.2.1   0 17
maven-profile-2.0.6.jar org.apache.maven:maven-profile:2.0.6   0 14
maven-profile-2.0.8.jar org.apache.maven:maven-profile:2.0.8   0 17
maven-profile-2.0.9.jar org.apache.maven:maven-profile:2.0.9   0 17
maven-profile-2.2.1.jar org.apache.maven:maven-profile:2.2.1   0 17
maven-project-2.0.6.jar org.apache.maven:maven-project:2.0.6   0 15
maven-project-2.0.8.jar org.apache.maven:maven-project:2.0.8   0 18
maven-project-2.0.9.jar org.apache.maven:maven-project:2.0.9   0 18
maven-project-2.2.1.jar org.apache.maven:maven-project:2.2.1   0 18
maven-repository-metadata-2.0.6.jar org.apache.maven:maven-repository-metadata:2.0.6   0 16
maven-repository-metadata-2.0.9.jar org.apache.maven:maven-repository-metadata:2.0.9   0 18
maven-repository-metadata-2.2.1.jar org.apache.maven:maven-repository-metadata:2.2.1   0 18
maven-repository-metadata-3.1.1.jar org.apache.maven:maven-repository-metadata:3.1.1   0 18
maven-settings-builder-3.1.1.jar org.apache.maven:maven-settings-builder:3.1.1   0 18
maven-settings-2.0.6.jar org.apache.maven:maven-settings:2.0.6   0 14
maven-settings-2.0.9.jar org.apache.maven:maven-settings:2.0.9   0 17
maven-settings-2.2.1.jar org.apache.maven:maven-settings:2.2.1   0 17
maven-settings-3.1.1.jar org.apache.maven:maven-settings:3.1.1   0 18
maven-toolchain-1.0.jar org.apache.maven:maven-toolchain:1.0   0 15
maven-antrun-plugin-1.3.jar org.apache.maven.plugins:maven-antrun-plugin:1.3   0 18
maven-assembly-plugin-2.2-beta-5.jar org.apache.maven.plugins:maven-assembly-plugin:2.2-beta-5   0 17
maven-clean-plugin-2.5.jar org.apache.maven.plugins:maven-clean-plugin:2.5   0 18
maven-clean-plugin-2.6.1.jar org.apache.maven.plugins:maven-clean-plugin:2.6.1   0 18
maven-compiler-plugin-3.1.jar org.apache.maven.plugins:maven-compiler-plugin:3.1   0 18
maven-dependency-plugin-2.8.jar org.apache.maven.plugins:maven-dependency-plugin:2.8   0 18
maven-deploy-plugin-2.7.jar org.apache.maven.plugins:maven-deploy-plugin:2.7   0 18
maven-deploy-plugin-2.8.2.jar org.apache.maven.plugins:maven-deploy-plugin:2.8.2   0 18
maven-help-plugin-2.2.jar org.apache.maven.plugins:maven-help-plugin:2.2   0 18
maven-install-plugin-2.4.jar org.apache.maven.plugins:maven-install-plugin:2.4   0 18
maven-install-plugin-2.5.2.jar org.apache.maven.plugins:maven-install-plugin:2.5.2   0 18
maven-jar-plugin-2.4.jar org.apache.maven.plugins:maven-jar-plugin:2.4   0 18
maven-jar-plugin-2.6.jar org.apache.maven.plugins:maven-jar-plugin:2.6   0 18
maven-release-plugin-2.3.2.jar org.apache.maven.plugins:maven-release-plugin:2.3.2   0 19
maven-resources-plugin-2.6.jar org.apache.maven.plugins:maven-resources-plugin:2.6   0 18
maven-shade-plugin-2.2.jar org.apache.maven.plugins:maven-shade-plugin:2.2   0 18
maven-site-plugin-3.3.jar org.apache.maven.plugins:maven-site-plugin:3.3   0 18
maven-site-plugin-3.5.1.jar org.apache.maven.plugins:maven-site-plugin:3.5.1   0 18
maven-surefire-plugin-2.12.4.jar org.apache.maven.plugins:maven-surefire-plugin:2.12.4   0 17
maven-surefire-plugin-2.18.1.jar org.apache.maven.plugins:maven-surefire-plugin:2.18.1   0 17
maven-reporting-api-2.0.6.jar org.apache.maven.reporting:maven-reporting-api:2.0.6   0 14
maven-reporting-api-2.2.1.jar org.apache.maven.reporting:maven-reporting-api:2.2.1   0 17
maven-common-artifact-filters-1.4.jar org.apache.maven.shared:maven-common-artifact-filters:1.4   0 18
maven-dependency-tree-2.1.jar org.apache.maven.shared:maven-dependency-tree:2.1   0 18
maven-filtering-1.1.jar org.apache.maven.shared:maven-filtering:1.1   0 18
maven-shared-incremental-1.1.jar org.apache.maven.shared:maven-shared-incremental:1.1   0 18
maven-shared-utils-0.1.jar org.apache.maven.shared:maven-shared-utils:0.1   0 22
maven-shared-utils-0.7.jar org.apache.maven.shared:maven-shared-utils:0.7   0 22
wagon-provider-api-1.0-beta-6.jar org.apache.maven.wagon:wagon-provider-api:1.0-beta-6   0 17
xmlsec-1.4.5.jar org.apache.santuario:xmlsec:1.4.5   0 14
xmlsec-1.5.4.jar cpe:/a:apache:xml_security_for_java:1.5.4 org.apache.santuario:xmlsec:1.5.4 Medium 2 HIGHEST 24
xmlsec-1.5.6.jar cpe:/a:apache:xml_security_for_java:1.5.6 org.apache.santuario:xmlsec:1.5.6   0 LOW 24
xmlsec-2.0.7.jar cpe:/a:apache:xml_security_for_java:2.0.7 org.apache.santuario:xmlsec:2.0.7   0 LOW 25
solr-solrj-5.5.4.jar cpe:/a:apache:solr:5.5.4 org.apache.solr:solr-solrj:5.5.4   0 LOW 17
tomcat-embed-core-8.5.14.jar cpe:/a:apache:tomcat:8.5.14 org.apache.tomcat.embed:tomcat-embed-core:8.5.14 High 4 HIGHEST 15
tomcat-embed-core-8.5.15.jar cpe:/a:apache:tomcat:8.5.15 org.apache.tomcat.embed:tomcat-embed-core:8.5.15 High 3 LOW 15
tomcat-embed-el-8.5.14.jar org.apache.tomcat.embed:tomcat-embed-el:8.5.14   0 15
tomcat-embed-el-8.5.15.jar org.apache.tomcat.embed:tomcat-embed-el:8.5.15   0 15
tomcat-jdbc-8.5.14.jar org.apache.tomcat:tomcat-jdbc:8.5.14   0 12
tomcat-jdbc-8.5.15.jar org.apache.tomcat:tomcat-jdbc:8.5.15   0 12
tomcat-juli-8.5.14.jar org.apache.tomcat:tomcat-juli:8.5.14   0 15
tomcat-juli-8.5.15.jar org.apache.tomcat:tomcat-juli:8.5.15   0 15
xmlschema-core-2.2.1.jar org.apache.ws.xmlschema:xmlschema-core:2.2.1   0 19
xbean-reflect-3.4.jar org.apache.xbean:xbean-reflect:3.4   0 17
zookeeper-3.4.6.jar cpe:/a:apache:zookeeper:3.4.6 org.apache.zookeeper:zookeeper:3.4.6 Medium 2 LOW 15
aspectjweaver-1.8.10.jar org.aspectj:aspectjweaver:1.8.10   0 17
assertj-core-2.6.0.jar org.assertj:assertj-core:2.6.0   0 20
bcprov-jdk15on-1.54.jar cpe:/a:bouncycastle:bouncy-castle-crypto-package:1.54
cpe:/a:bouncycastle:bouncy_castle_crypto_package:1.54
org.bouncycastle:bcprov-jdk15on:1.54   0 LOW 25
build-helper-maven-plugin-1.10.jar org.codehaus.mojo:build-helper-maven-plugin:1.10   0 15
jaxb2-maven-plugin-1.6.jar org.codehaus.mojo:jaxb2-maven-plugin:1.6   0 16
xml-maven-plugin-1.0.jar org.codehaus.mojo:xml-maven-plugin:1.0   0 16
plexus-archiver-2.8.1.jar org.codehaus.plexus:plexus-archiver:2.8.1   0 14
plexus-classworlds-2.2.2.jar org.codehaus.plexus:plexus-classworlds:2.2.2   0 15
plexus-classworlds-2.5.1.jar org.codehaus.plexus:plexus-classworlds:2.5.1   0 16
plexus-compiler-api-1.9.1.jar org.codehaus.plexus:plexus-compiler-api:1.9.1   0 16
plexus-compiler-api-2.2.jar org.codehaus.plexus:plexus-compiler-api:2.2   0 15
plexus-compiler-javac-2.2.jar org.codehaus.plexus:plexus-compiler-javac:2.2   0 16
plexus-compiler-manager-2.2.jar org.codehaus.plexus:plexus-compiler-manager:2.2   0 15
plexus-component-annotations-1.5.5.jar org.codehaus.plexus:plexus-component-annotations:1.5.5   0 16
plexus-container-default-1.0-alpha-9-stable-1.jar org.codehaus.plexus:plexus-container-default:1.0-alpha-9-stable-1   0 15
plexus-container-default-1.5.5.jar org.codehaus.plexus:plexus-container-default:1.5.5   0 15
plexus-interactivity-api-1.0-alpha-4.jar org.codehaus.plexus:plexus-interactivity-api:1.0-alpha-4   0 14
plexus-interpolation-1.11.jar org.codehaus.plexus:plexus-interpolation:1.11   0 14
plexus-interpolation-1.13.jar org.codehaus.plexus:plexus-interpolation:1.13   0 14
plexus-interpolation-1.21.jar org.codehaus.plexus:plexus-interpolation:1.21   0 14
plexus-io-2.3.2.jar org.codehaus.plexus:plexus-io:2.3.2   0 15
plexus-utils-1.5.1.jar org.codehaus.plexus:plexus-utils:1.5.1   0 15
plexus-utils-2.0.5.jar org.codehaus.plexus:plexus-utils:2.0.5   0 16
plexus-utils-3.0.16.jar org.codehaus.plexus:plexus-utils:3.0.16   0 16
plexus-utils-3.0.20.jar org.codehaus.plexus:plexus-utils:3.0.20   0 16
stax2-api-3.1.4.jar org.codehaus.woodstox:stax2-api:3.1.4   0 16
woodstox-core-asl-4.4.1.jar org.codehaus.woodstox:woodstox-core-asl:4.4.1   0 20
aether-api-1.0.2.v20150114.jar org.eclipse.aether:aether-api:1.0.2.v20150114   0 17
aether-impl-1.0.2.v20150114.jar org.eclipse.aether:aether-impl:1.0.2.v20150114   0 17
aether-spi-1.0.2.v20150114.jar org.eclipse.aether:aether-spi:1.0.2.v20150114   0 17
aether-util-1.0.2.v20150114.jar org.eclipse.aether:aether-util:1.0.2.v20150114   0 17
org.eclipse.sisu.inject-0.0.0.M5.jar org.eclipse.sisu:org.eclipse.sisu.inject:0.0.0.M5   0 15
org.eclipse.sisu.plexus-0.0.0.M5.jar org.eclipse.sisu:org.eclipse.sisu.plexus:0.0.0.M5   0 15
hamcrest-core-1.3.jar org.hamcrest:hamcrest-core:1.3   0 16
hamcrest-library-1.3.jar org.hamcrest:hamcrest-library:1.3   0 16
hibernate-commons-annotations-5.0.1.Final.jar org.hibernate.common:hibernate-commons-annotations:5.0.1.Final   0 18
hibernate-core-5.0.12.Final.jar org.hibernate:hibernate-core:5.0.12.Final   0 22
hibernate-entitymanager-5.0.12.Final.jar org.hibernate:hibernate-entitymanager:5.0.12.Final   0 22
hibernate-validator-5.3.5.Final.jar cpe:/a:hibernate:hibernate_validator:5.3.5 org.hibernate:hibernate-validator:5.3.5.Final   0 LOW 22
hibernate-jpa-2.1-api-1.0.0.Final.jar org.hibernate.javax.persistence:hibernate-jpa-2.1-api:1.0.0.Final   0 16
jasypt-1.9.2.jar org.jasypt:jasypt:1.9.2   0 13
javassist-3.21.0-GA.jar org.javassist:javassist:3.21.0-GA   0 18
jandex-2.0.0.Final.jar org.jboss:jandex:2.0.0.Final   0 25
jboss-logging-3.3.1.Final.jar org.jboss.logging:jboss-logging:3.3.1.Final   0 27
jdom-1.1.jar org.jdom:jdom:1.1   0 32
mockito-core-1.10.19.jar org.mockito:mockito-core:1.10.19   0 13
noggit-0.6.jar org.noggit:noggit:0.6   0 12
objenesis-2.1.jar org.objenesis:objenesis:2.1   0 22
asm-5.0.3.jar org.ow2.asm:asm:5.0.3   0 18
dependency-check-maven-1.4.5.jar org.owasp:dependency-check-maven:1.4.5   0 17
jsonassert-1.4.0.jar org.skyscreamer:jsonassert:1.4.0   0 13
jcl-over-slf4j-1.5.6.jar org.slf4j:jcl-over-slf4j:1.5.6   0 19
jcl-over-slf4j-1.7.25.jar org.slf4j:jcl-over-slf4j:1.7.25   0 19
jul-to-slf4j-1.7.25.jar org.slf4j:jul-to-slf4j:1.7.25   0 18
log4j-over-slf4j-1.7.25.jar org.slf4j:log4j-over-slf4j:1.7.25   0 19
slf4j-api-1.5.6.jar org.slf4j:slf4j-api:1.5.6   0 19
slf4j-api-1.7.25.jar org.slf4j:slf4j-api:1.7.25   0 19
slf4j-jdk14-1.5.6.jar org.slf4j:slf4j-jdk14:1.5.6   0 19
plexus-build-api-0.0.4.jar org.sonatype.plexus:plexus-build-api:0.0.4   0 14
plexus-build-api-0.0.7.jar org.sonatype.plexus:plexus-build-api:0.0.7   0 14
plexus-cipher-1.4.jar org.sonatype.plexus:plexus-cipher:1.4   0 16
plexus-sec-dispatcher-1.3.jar org.sonatype.plexus:plexus-sec-dispatcher:1.3   0 16
sisu-guice-2.1.7-noaop.jar org.sonatype.sisu:sisu-guice:2.1.7   0 20
sisu-guice-3.1.0-no_aop.jar org.sonatype.sisu:sisu-guice:3.1.0   0 20
sisu-inject-bean-1.4.2.jar org.sonatype.sisu:sisu-inject-bean:1.4.2   0 15
sisu-inject-plexus-1.4.2.jar org.sonatype.sisu:sisu-inject-plexus:1.4.2   0 15
spring-boot-autoconfigure-1.5.3.RELEASE.jar org.springframework.boot:spring-boot-autoconfigure:1.5.3.RELEASE   0 20
spring-boot-autoconfigure-1.5.4.RELEASE.jar org.springframework.boot:spring-boot-autoconfigure:1.5.4.RELEASE   0 20
spring-boot-devtools-1.5.4.RELEASE.jar org.springframework.boot:spring-boot-devtools:1.5.4.RELEASE   0 20
spring-boot-loader-tools-1.5.4.RELEASE.jar org.springframework.boot:spring-boot-loader-tools:1.5.4.RELEASE   0 20
spring-boot-loader-tools-1.5.4.RELEASE.jar: spring-boot-loader.jar org.springframework.boot:spring-boot-loader:1.5.4.RELEASE   0 20
spring-boot-maven-plugin-1.5.3.RELEASE.jar org.springframework.boot:spring-boot-maven-plugin:1.5.3.RELEASE   0 20
spring-boot-maven-plugin-1.5.4.RELEASE.jar org.springframework.boot:spring-boot-maven-plugin:1.5.4.RELEASE   0 20
spring-boot-starter-aop-1.5.3.RELEASE.jar org.springframework.boot:spring-boot-starter-aop:1.5.3.RELEASE   0 20
spring-boot-starter-aop-1.5.4.RELEASE.jar org.springframework.boot:spring-boot-starter-aop:1.5.4.RELEASE   0 20
spring-boot-starter-data-jpa-1.5.3.RELEASE.jar cpe:/a:pivotal_software:spring_data_jpa:1.5.3 org.springframework.boot:spring-boot-starter-data-jpa:1.5.3.RELEASE Medium 1 LOW 20
spring-boot-starter-data-jpa-1.5.4.RELEASE.jar cpe:/a:pivotal_software:spring_data_jpa:1.5.4 org.springframework.boot:spring-boot-starter-data-jpa:1.5.4.RELEASE Medium 1 LOW 20
spring-boot-starter-data-solr-1.5.4.RELEASE.jar cpe:/a:apache:solr:1.5.4 org.springframework.boot:spring-boot-starter-data-solr:1.5.4.RELEASE High 7 LOW 20
spring-boot-starter-jdbc-1.5.3.RELEASE.jar org.springframework.boot:spring-boot-starter-jdbc:1.5.3.RELEASE   0 20
spring-boot-starter-jdbc-1.5.4.RELEASE.jar org.springframework.boot:spring-boot-starter-jdbc:1.5.4.RELEASE   0 20
spring-boot-starter-logging-1.5.3.RELEASE.jar org.springframework.boot:spring-boot-starter-logging:1.5.3.RELEASE   0 20
spring-boot-starter-logging-1.5.4.RELEASE.jar org.springframework.boot:spring-boot-starter-logging:1.5.4.RELEASE   0 20
spring-boot-starter-test-1.5.3.RELEASE.jar org.springframework.boot:spring-boot-starter-test:1.5.3.RELEASE   0 20
spring-boot-starter-test-1.5.4.RELEASE.jar org.springframework.boot:spring-boot-starter-test:1.5.4.RELEASE   0 20
spring-boot-starter-tomcat-1.5.3.RELEASE.jar org.springframework.boot:spring-boot-starter-tomcat:1.5.3.RELEASE   0 20
spring-boot-starter-tomcat-1.5.4.RELEASE.jar org.springframework.boot:spring-boot-starter-tomcat:1.5.4.RELEASE   0 20
spring-boot-starter-web-services-1.5.3.RELEASE.jar org.springframework.boot:spring-boot-starter-web-services:1.5.3.RELEASE   0 20
spring-boot-starter-web-services-1.5.4.RELEASE.jar org.springframework.boot:spring-boot-starter-web-services:1.5.4.RELEASE   0 20
spring-boot-starter-web-1.5.3.RELEASE.jar org.springframework.boot:spring-boot-starter-web:1.5.3.RELEASE   0 20
spring-boot-starter-web-1.5.4.RELEASE.jar org.springframework.boot:spring-boot-starter-web:1.5.4.RELEASE   0 20
spring-boot-starter-1.5.3.RELEASE.jar org.springframework.boot:spring-boot-starter:1.5.3.RELEASE   0 20
spring-boot-starter-1.5.4.RELEASE.jar org.springframework.boot:spring-boot-starter:1.5.4.RELEASE   0 20
spring-boot-test-autoconfigure-1.5.3.RELEASE.jar org.springframework.boot:spring-boot-test-autoconfigure:1.5.3.RELEASE   0 20
spring-boot-test-autoconfigure-1.5.4.RELEASE.jar org.springframework.boot:spring-boot-test-autoconfigure:1.5.4.RELEASE   0 20
spring-boot-test-1.5.3.RELEASE.jar org.springframework.boot:spring-boot-test:1.5.3.RELEASE   0 20
spring-boot-test-1.5.4.RELEASE.jar org.springframework.boot:spring-boot-test:1.5.4.RELEASE   0 20
spring-boot-1.5.3.RELEASE.jar org.springframework.boot:spring-boot:1.5.3.RELEASE   0 20
spring-boot-1.5.4.RELEASE.jar org.springframework.boot:spring-boot:1.5.4.RELEASE   0 20
spring-data-commons-1.13.3.RELEASE.jar org.springframework.data:spring-data-commons:1.13.3.RELEASE   0 16
spring-data-commons-1.13.4.RELEASE.jar org.springframework.data:spring-data-commons:1.13.4.RELEASE   0 16
spring-data-jpa-1.11.3.RELEASE.jar org.springframework.data:spring-data-jpa:1.11.3.RELEASE   0 18
spring-data-jpa-1.11.4.RELEASE.jar org.springframework.data:spring-data-jpa:1.11.4.RELEASE   0 18
spring-data-solr-2.1.4.RELEASE.jar org.springframework.data:spring-data-solr:2.1.4.RELEASE   0 18
spring-aop-4.3.8.RELEASE.jar org.springframework:spring-aop:4.3.8.RELEASE   0 13
spring-aop-4.3.9.RELEASE.jar org.springframework:spring-aop:4.3.9.RELEASE   0 13
spring-aspects-4.3.8.RELEASE.jar org.springframework:spring-aspects:4.3.8.RELEASE   0 13
spring-aspects-4.3.9.RELEASE.jar org.springframework:spring-aspects:4.3.9.RELEASE   0 13
spring-beans-4.3.8.RELEASE.jar org.springframework:spring-beans:4.3.8.RELEASE   0 13
spring-beans-4.3.9.RELEASE.jar org.springframework:spring-beans:4.3.9.RELEASE   0 13
spring-context-4.3.8.RELEASE.jar org.springframework:spring-context:4.3.8.RELEASE   0 13
spring-context-4.3.9.RELEASE.jar org.springframework:spring-context:4.3.9.RELEASE   0 13
spring-core-4.3.8.RELEASE.jar cpe:/a:pivotal:spring_framework:4.3.8
cpe:/a:pivotal_software:spring_framework:4.3.8
cpe:/a:springsource:spring_framework:4.3.8
cpe:/a:vmware:springsource_spring_framework:4.3.8
org.springframework:spring-core:4.3.8.RELEASE   0 LOW 17
spring-core-4.3.9.RELEASE.jar cpe:/a:pivotal:spring_framework:4.3.9
cpe:/a:pivotal_software:spring_framework:4.3.9
cpe:/a:springsource:spring_framework:4.3.9
cpe:/a:vmware:springsource_spring_framework:4.3.9
org.springframework:spring-core:4.3.9.RELEASE   0 LOW 17
spring-expression-4.3.8.RELEASE.jar org.springframework:spring-expression:4.3.8.RELEASE   0 13
spring-expression-4.3.9.RELEASE.jar org.springframework:spring-expression:4.3.9.RELEASE   0 13
spring-jdbc-4.3.8.RELEASE.jar org.springframework:spring-jdbc:4.3.8.RELEASE   0 13
spring-jdbc-4.3.9.RELEASE.jar org.springframework:spring-jdbc:4.3.9.RELEASE   0 13
spring-orm-4.3.8.RELEASE.jar org.springframework:spring-orm:4.3.8.RELEASE   0 13
spring-orm-4.3.9.RELEASE.jar org.springframework:spring-orm:4.3.9.RELEASE   0 13
spring-oxm-4.3.8.RELEASE.jar org.springframework:spring-oxm:4.3.8.RELEASE   0 13
spring-oxm-4.3.9.RELEASE.jar org.springframework:spring-oxm:4.3.9.RELEASE   0 13
spring-test-4.3.8.RELEASE.jar org.springframework:spring-test:4.3.8.RELEASE   0 13
spring-test-4.3.9.RELEASE.jar org.springframework:spring-test:4.3.9.RELEASE   0 13
spring-tx-4.3.8.RELEASE.jar org.springframework:spring-tx:4.3.8.RELEASE   0 13
spring-tx-4.3.9.RELEASE.jar org.springframework:spring-tx:4.3.9.RELEASE   0 13
spring-web-4.3.8.RELEASE.jar org.springframework:spring-web:4.3.8.RELEASE   0 13
spring-web-4.3.9.RELEASE.jar org.springframework:spring-web:4.3.9.RELEASE   0 13
spring-webmvc-4.3.8.RELEASE.jar org.springframework:spring-webmvc:4.3.8.RELEASE   0 13
spring-webmvc-4.3.9.RELEASE.jar org.springframework:spring-webmvc:4.3.9.RELEASE   0 13
spring-ws-core-2.4.0.RELEASE.jar org.springframework.ws:spring-ws-core:2.4.0.RELEASE   0 13
spring-xml-2.4.0.RELEASE.jar org.springframework.ws:spring-xml:2.4.0.RELEASE   0 13
jdependency-0.7.jar org.vafer:jdependency:0.7   0 13
snakeyaml-1.17.jar org.yaml:snakeyaml:1.17   0 16
wsdl4j-1.6.3.jar wsdl4j:wsdl4j:1.6.3   0 16
jaxb-core-2.2.7.jar\META-INF/maven/com.sun.xml.txw2/txw2/pom.xml com.sun.xml.txw2:txw2:20110809   0 6
jaxb-xjc-2.2.7.jar\META-INF/maven/com.sun.codemodel/codemodel/pom.xml com.sun.codemodel:codemodel:2.6   0 7
jaxb-xjc-2.2.7.jar\META-INF/maven/com.sun.istack/istack-commons-tools/pom.xml com.sun.istack:istack-commons-tools:2.16   0 6
jaxb-xjc-2.2.7.jar\META-INF/maven/com.sun.xml.dtd-parser/dtd-parser/pom.xml com.sun.xml.dtd-parser:dtd-parser:1.2-SNAPSHOT   0 7
jaxb-xjc-2.2.7.jar\META-INF/maven/com.sun.xsom/xsom/pom.xml com.sun.xsom:xsom:20110809   0 10
jaxb-xjc-2.2.7.jar\META-INF/maven/org.kohsuke.rngom/rngom/pom.xml org.kohsuke.rngom:rngom:201103-SNAPSHOT   0 6
maven-shared-utils-0.1.jar\META-INF/maven/commons-io/commons-io/pom.xml commons-io:commons-io:2.2   0 9
assertj-core-2.6.0.jar\META-INF/maven/cglib/cglib-nodep/pom.xml cglib:cglib-nodep:3.2.4   0 4
assertj-core-2.6.0.jar\META-INF/maven/cglib/cglib/pom.xml cglib:cglib:3.2.4   0 4

Dependencies

antlr-2.7.7.jar

Description:  A framework for constructing recognizers, compilers, and translators from grammatical descriptions containing Java, C#, C++, or Python actions.

License:

BSD License: http://www.antlr.org/license.html
File Path: C:\Users\Tamara\.m2\repository\antlr\antlr\2.7.7\antlr-2.7.7.jar
MD5: f8f1352c52a4c6a500b597596501fc64
SHA1: 83cd2cd674a217ade95a4bb83a8a14f351f48bd0

Identifiers

aopalliance-1.0.jar

Description: AOP Alliance

License:

Public Domain
File Path: C:\Users\Tamara\.m2\repository\aopalliance\aopalliance\1.0\aopalliance-1.0.jar
MD5: 04177054e180d09e3998808efa0401c7
SHA1: 0235ba8b489512805ac13a8f9ea77a1ca5ebe3e8

Identifiers

asm-analysis-3.2.jar

File Path: C:\Users\Tamara\.m2\repository\asm\asm-analysis\3.2\asm-analysis-3.2.jar
MD5: 3bdf5175cd29999eed4b4c36543a1cb2
SHA1: c624956db93975b7197699dcd7de6145ca7cf2c8

Identifiers

asm-commons-3.3.1.jar

File Path: C:\Users\Tamara\.m2\repository\asm\asm-commons\3.3.1\asm-commons-3.3.1.jar
MD5: 5d9db6be0c31d0d895ad91af241e6fd2
SHA1: fae85e673c73f6f45386dbbcc2ae3aa6398a773f

Identifiers

asm-tree-3.3.1.jar

File Path: C:\Users\Tamara\.m2\repository\asm\asm-tree\3.3.1\asm-tree-3.3.1.jar
MD5: c01f93f2455473a97ee3f8ffa103d613
SHA1: c9723d887e26c3049944e46312bb39e7ab1a2ed2

Identifiers

asm-util-3.2.jar

File Path: C:\Users\Tamara\.m2\repository\asm\asm-util\3.2\asm-util-3.2.jar
MD5: d11e6d8b991c3a2e7a13d479c5e733e8
SHA1: 37ebfdad34d5f1f45109981465f311bbfbe82dcf

Identifiers

asm-3.3.1.jar

File Path: C:\Users\Tamara\.m2\repository\asm\asm\3.3.1\asm-3.3.1.jar
MD5: 1ad1e8959324b0f680b8e62406955642
SHA1: 1d5f20b4ea675e6fab6ab79f1cd60ec268ddc015

Identifiers

avalon-framework-4.1.3.jar

File Path: C:\Users\Tamara\.m2\repository\avalon-framework\avalon-framework\4.1.3\avalon-framework-4.1.3.jar
MD5: bef9f9be8ba066273fdef72b3503a307
SHA1: 92315ee1c4a4c90bee05055713811f28f8509075

Identifiers

backport-util-concurrent-3.1.jar

Description: Dawid Kurzyniec's backport of JSR 166

License:

Public Domain: http://creativecommons.org/licenses/publicdomain
File Path: C:\Users\Tamara\.m2\repository\backport-util-concurrent\backport-util-concurrent\3.1\backport-util-concurrent-3.1.jar
MD5: 748bb0cbf4780b2e3121dc9c12e10cd9
SHA1: 682f7ac17fed79e92f8e87d8455192b63376347b

Identifiers

logback-core-1.1.11.jar

Description: logback-core module

License:

http://www.eclipse.org/legal/epl-v10.html, http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html
File Path: C:\Users\Tamara\.m2\repository\ch\qos\logback\logback-core\1.1.11\logback-core-1.1.11.jar
MD5: cc7a8deacd26b0aa2668779ce2721c0f
SHA1: 88b8df40340eed549fb07e2613879bf6b006704d

Identifiers

classworlds-1.1.jar

File Path: C:\Users\Tamara\.m2\repository\classworlds\classworlds\1.1\classworlds-1.1.jar
MD5: c20629baa65f1f2948b37aa393b0310b
SHA1: 60c708f55deeb7c5dfce8a7886ef09cbc1388eca

Identifiers

classmate-1.3.3.jar

Description: Library for introspecting types with full generic information including resolving of field and method types.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Tamara\.m2\repository\com\fasterxml\classmate\1.3.3\classmate-1.3.3.jar
MD5: 85986d1c6a2a58901ab1ca64ff4d8a50
SHA1: 864c8e370a691e343210cc7c532fc198cee460d8

Identifiers

jackson-annotations-2.8.0.jar

Description: Core annotations used for value types, used by Jackson data binding package.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Tamara\.m2\repository\com\fasterxml\jackson\core\jackson-annotations\2.8.0\jackson-annotations-2.8.0.jar
MD5: 288e6537849f0c63e76409b515c4fbe4
SHA1: 45b426f7796b741035581a176744d91090e2e6fb

Identifiers

CVE-2016-7051  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)
CWE: CWE-918 Server-Side Request Forgery (SSRF)

XmlMapper in the Jackson XML dataformat component (aka jackson-dataformat-xml) before 2.7.8 and 2.8.x before 2.8.4 allows remote attackers to conduct server-side request forgery (SSRF) attacks via vectors related to a DTD.

Vulnerable Software & Versions:

jackson-core-2.8.8.jar

Description: Core Jackson abstractions, basic JSON streaming API implementation

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Tamara\.m2\repository\com\fasterxml\jackson\core\jackson-core\2.8.8\jackson-core-2.8.8.jar
MD5: f85e0e9af65d644d909fe2d6acc0e64c
SHA1: d478fb6de45a7c3d2cad07c8ad70c7f0a797a020

Identifiers

CVE-2016-7051  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)
CWE: CWE-918 Server-Side Request Forgery (SSRF)

XmlMapper in the Jackson XML dataformat component (aka jackson-dataformat-xml) before 2.7.8 and 2.8.x before 2.8.4 allows remote attackers to conduct server-side request forgery (SSRF) attacks via vectors related to a DTD.

Vulnerable Software & Versions:

jsr305-2.0.1.jar

Description: JSR305 Annotations for Findbugs

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Tamara\.m2\repository\com\google\code\findbugs\jsr305\2.0.1\jsr305-2.0.1.jar
MD5: 144c0767e2aaf0c21a935908d0e52c68
SHA1: 516c03b21d50a644d538de0f0369c620989cd8f0

Identifiers

google-collections-1.0.jar

Description: Google Collections Library is a suite of new collections and collection-related goodness for Java 5.0

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Tamara\.m2\repository\com\google\collections\google-collections\1.0\google-collections-1.0.jar
MD5: 7c882c8d734e50112000e4a88e06c535
SHA1: 9ffe71ac6dcab6bc03ea13f5c2e7b2804e69b357

Identifiers

guava-18.0.jar

Description:  Guava is a suite of core and expanded libraries that include utility classes, google's collections, io classes, and much much more. Guava has only one code dependency - javax.annotation, per the JSR-305 spec.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Tamara\.m2\repository\com\google\guava\guava\18.0\guava-18.0.jar
MD5: 947641f6bb535b1d942d1bc387c45290
SHA1: cce0823396aa693798f8882e64213b1772032b09

Identifiers

json-path-2.2.0.jar

Description: Java port of Stefan Goessner JsonPath.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Tamara\.m2\repository\com\jayway\jsonpath\json-path\2.2.0\json-path-2.2.0.jar
MD5: 98ec1b51b19c21a32845ba3498df6629
SHA1: 22290d17944bd239fabf5ac69005a60a7ecbbbcb

Identifiers

istack-commons-runtime-2.16.jar

Description: istack common utility code

License:

https://glassfish.java.net/public/CDDL+GPL_1_1.html, https://glassfish.java.net/public/CDDL+GPL_1_1.html
File Path: C:\Users\Tamara\.m2\repository\com\sun\istack\istack-commons-runtime\2.16\istack-commons-runtime-2.16.jar
MD5: 5581f55c46793b7bbfcad9a8aa216569
SHA1: 927eb6fbb003f40d536efd96e7cbcb7ea4c1c2d0

Identifiers

jaxb-core-2.2.7.jar

Description: JAXB (JSR 222) reference implementation - core classes

License:

CDDL 1.1: https://glassfish.java.net/public/CDDL+GPL_1_1.html
GPL2 w/ CPE: https://glassfish.java.net/public/CDDL+GPL_1_1.html
File Path: C:\Users\Tamara\.m2\repository\com\sun\xml\bind\jaxb-core\2.2.7\jaxb-core-2.2.7.jar
MD5: 86c02e79acdcdad2cfb30252a03f4ece
SHA1: f327817188a7dce503ae3c667c5931077630b0a1

Identifiers

jaxb-impl-2.2.7.jar

Description: JAXB (JSR 222) Reference Implementation

License:

CDDL 1.1: https://glassfish.java.net/public/CDDL+GPL_1_1.html
GPL2 w/ CPE: https://glassfish.java.net/public/CDDL+GPL_1_1.html
File Path: C:\Users\Tamara\.m2\repository\com\sun\xml\bind\jaxb-impl\2.2.7\jaxb-impl-2.2.7.jar
MD5: df031b548eadf4cf57ffe1ebba47d842
SHA1: a29e53347934e694c9551981cecd242fad05022b

Identifiers

jaxb-jxc-2.2.7.jar

Description: JAXB (JSR 222) reference implementation - schema generator

License:

CDDL 1.1: https://glassfish.java.net/public/CDDL+GPL_1_1.html
GPL2 w/ CPE: https://glassfish.java.net/public/CDDL+GPL_1_1.html
File Path: C:\Users\Tamara\.m2\repository\com\sun\xml\bind\jaxb-jxc\2.2.7\jaxb-jxc-2.2.7.jar
MD5: 3be35d42fab799e28f8dcf03f388cf63
SHA1: ebb367014d7db90a17108924b0f28b02e4b85645

Identifiers

jaxb-xjc-2.2.7.jar

Description: JAXB (JSR 222) reference implementation - Schema compiler

License:

CDDL 1.1: https://glassfish.java.net/public/CDDL+GPL_1_1.html
GPL2 w/ CPE: https://glassfish.java.net/public/CDDL+GPL_1_1.html
File Path: C:\Users\Tamara\.m2\repository\com\sun\xml\bind\jaxb-xjc\2.2.7\jaxb-xjc-2.2.7.jar
MD5: d772650dd816f77ed3e392503655ed88
SHA1: f351eed8b1ee9a1dd242bf81bf7a391c40a16d18

Identifiers

FastInfoset-1.2.12.jar

File Path: C:\Users\Tamara\.m2\repository\com\sun\xml\fastinfoset\FastInfoset\1.2.12\FastInfoset-1.2.12.jar
MD5: 3af394f8b98e3a921c0719ff1dc17614
SHA1: e8c1c096162a146c2d84135c5036edf54c1b1d38

Identifiers

android-json-0.0.20131108.vaadin1.jar

Description:    JSON (JavaScript Object Notation) is a lightweight data-interchange format. This is the org.json compatible Android implementation extracted from the Android SDK  

License:

Apache License 2.0: http://www.apache.org/licenses/LICENSE-2.0
File Path: C:\Users\Tamara\.m2\repository\com\vaadin\external\google\android-json\0.0.20131108.vaadin1\android-json-0.0.20131108.vaadin1.jar
MD5: 10612241a9cc269501a7a2b8a984b949
SHA1: fa26d351fe62a6a17f5cda1287c1c6110dec413f

Identifiers

CVE-2016-5696  

Severity: Medium
CVSS Score: 5.8 (AV:N/AC:M/Au:N/C:N/I:P/A:P)
CWE: CWE-200 Information Exposure

net/ipv4/tcp_input.c in the Linux kernel before 4.7 does not properly determine the rate of challenge ACK segments, which makes it easier for remote attackers to hijack TCP sessions via a blind in-window attack.

Vulnerable Software & Versions: (show all)

CVE-2014-6060  

Severity: Low
CVSS Score: 3.3 (AV:A/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors

The get_option function in dhcpcd 4.0.0 through 6.x before 6.4.3 allows remote DHCP servers to cause a denial of service by resetting the DHO_OPTIONSOVERLOADED option in the (1) bootfile or (2) servername section, which triggers the option to be processed again.

Vulnerable Software & Versions: (show all)

CVE-2014-1939  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-94 Improper Control of Generation of Code ('Code Injection')

java/android/webkit/BrowserFrame.java in Android before 4.4 uses the addJavascriptInterface API in conjunction with creating an object of the SearchBoxImpl class, which allows attackers to execute arbitrary Java code by leveraging access to the searchBoxJavaBridge_ interface at certain Android API levels.

Vulnerable Software & Versions: (show all)

CVE-2013-7372  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)
CWE: CWE-310 Cryptographic Issues

The engineNextBytes function in classlib/modules/security/src/main/java/common/org/apache/harmony/security/provider/crypto/SHA1PRNG_SecureRandomImpl.java in the SecureRandom implementation in Apache Harmony through 6.0M3, as used in the Java Cryptography Architecture (JCA) in Android before 4.4 and other products, when no seed is provided by the user, uses an incorrect offset value, which makes it easier for attackers to defeat cryptographic protection mechanisms by leveraging the resulting PRNG predictability, as exploited in the wild against Bitcoin wallet applications in August 2013.

Vulnerable Software & Versions: (show all)

CVE-2010-1807  

Severity: High
CVSS Score: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-20 Improper Input Validation

WebKit in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2; Android before 2.2; and webkitgtk before 1.2.6; does not properly validate floating-point data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document, related to non-standard NaN representation.

Vulnerable Software & Versions: (show all)

commons-cli-1.0.jar

Description: Commons CLI provides a simple API for working with the command line arguments and options.

File Path: C:\Users\Tamara\.m2\repository\commons-cli\commons-cli\1.0\commons-cli-1.0.jar
MD5: f6feeb3b3d95f7d09180fd71e96cead4
SHA1: 6dac9733315224fc562f6268df58e92d65fd0137

Identifiers

commons-cli-1.2.jar

Description:  Commons CLI provides a simple API for presenting, processing and validating a command line interface.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Tamara\.m2\repository\commons-cli\commons-cli\1.2\commons-cli-1.2.jar
MD5: bfdcae1ff93f0c07d733f03bdce28c9e
SHA1: 2bf96b7aa8b611c177d329452af1dc933e14501c

Identifiers

commons-codec-1.10.jar

Description:  The Apache Commons Codec package contains simple encoder and decoders for various formats such as Base64 and Hexadecimal. In addition to these widely used encoders and decoders, the codec package also maintains a collection of phonetic encoding utilities.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Tamara\.m2\repository\commons-codec\commons-codec\1.10\commons-codec-1.10.jar
MD5: 353cf6a2bdba09595ccfa073b78c7fcb
SHA1: 4b95f4897fa13f2cd904aee711aeafc0c5295cd8

Identifiers

commons-httpclient-3.1.jar

Description: The HttpClient component supports the client-side of RFC 1945 (HTTP/1.0) and RFC 2616 (HTTP/1.1) , several related specifications (RFC 2109 (Cookies) , RFC 2617 (HTTP Authentication) , etc.), and provides a framework by which new request types (methods) or HTTP extensions can be created easily.

License:

Apache License: http://www.apache.org/licenses/LICENSE-2.0
File Path: C:\Users\Tamara\.m2\repository\commons-httpclient\commons-httpclient\3.1\commons-httpclient-3.1.jar
MD5: 8ad8c9229ef2d59ab9f59f7050e846a5
SHA1: 964cd74171f427720480efdec40a7c7f6e58426a

Identifiers

  • maven: commons-httpclient:commons-httpclient:3.1   Confidence:HIGHEST
  • cpe: cpe:/a:apache:commons-httpclient:3.1   Confidence:LOW   
  • cpe: cpe:/a:apache:httpclient:3.1   Confidence:LOW   

CVE-2015-5262  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors

http/conn/ssl/SSLConnectionSocketFactory.java in Apache HttpComponents HttpClient before 4.3.6 ignores the http.socket.timeout configuration setting during an SSL handshake, which allows remote attackers to cause a denial of service (HTTPS call hang) via unspecified vectors.

Vulnerable Software & Versions:

CVE-2014-3577  

Severity: Medium
CVSS Score: 5.8 (AV:N/AC:M/Au:N/C:P/I:P/A:N)

org.apache.http.conn.ssl.AbstractVerifier in Apache HttpComponents HttpClient before 4.3.5 and HttpAsyncClient before 4.0.2 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a "CN=" string in a field in the distinguished name (DN) of a certificate, as demonstrated by the "foo,CN=www.apache.org" string in the O field.

Vulnerable Software & Versions: (show all)

CVE-2012-6153  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-20 Improper Input Validation

http/conn/ssl/AbstractVerifier.java in Apache Commons HttpClient before 4.2.3 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a certificate with a subject that specifies a common name in a field that is not the CN field. NOTE: this issue exists because of an incomplete fix for CVE-2012-5783.

Vulnerable Software & Versions: (show all)

commons-io-1.3.2.jar

Description:  Commons-IO contains utility classes, stream implementations, file filters, and endian classes.

File Path: C:\Users\Tamara\.m2\repository\commons-io\commons-io\1.3.2\commons-io-1.3.2.jar
MD5: 903c04d1fb5d4dc81d95e4be93ff7ecd
SHA1: b6dde38349ba9bb5e6ea6320531eae969985dae5

Identifiers

commons-io-2.4.jar

Description:  The Commons IO library contains utility classes, stream implementations, file filters, file comparators, endian transformation classes, and much more.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Tamara\.m2\repository\commons-io\commons-io\2.4\commons-io-2.4.jar
MD5: 7f97854dc04c119d461fed14f5d8bb96
SHA1: b1b6ea3b7e4aa4f492509a4952029cd8e48019ad

Identifiers

commons-logging-api-1.1.jar

Description: Commons Logging is a thin adapter allowing configurable bridging to other, well known logging systems.

License:

The Apache Software License, Version 2.0: /LICENSE.txt
File Path: C:\Users\Tamara\.m2\repository\commons-logging\commons-logging-api\1.1\commons-logging-api-1.1.jar
MD5: 4374238076ab08e60e0d296234480837
SHA1: 7d4cf5231d46c8524f9b9ed75bb2d1c69ab93322

Identifiers

commons-logging-1.0.4.jar

Description: Commons Logging is a thin adapter allowing configurable bridging to other, well known logging systems.

License:

The Apache Software License, Version 2.0: /LICENSE.txt
File Path: C:\Users\Tamara\.m2\repository\commons-logging\commons-logging\1.0.4\commons-logging-1.0.4.jar
MD5: 8a507817b28077e0478add944c64586a
SHA1: f029a2aefe2b3e1517573c580f948caac31b1056

Identifiers

commons-logging-1.1.1.jar

Description: Commons Logging is a thin adapter allowing configurable bridging to other, well known logging systems.

File Path: C:\Users\Tamara\.m2\repository\commons-logging\commons-logging\1.1.1\commons-logging-1.1.1.jar
MD5: ed448347fc0104034aa14c8189bf37de
SHA1: 5043bfebc3db072ed80fbd362e7caf00e885d8ae

Identifiers

commons-logging-1.1.jar

Description: Commons Logging is a thin adapter allowing configurable bridging to other, well known logging systems.

License:

The Apache Software License, Version 2.0: /LICENSE.txt
File Path: C:\Users\Tamara\.m2\repository\commons-logging\commons-logging\1.1\commons-logging-1.1.jar
MD5: 6b62417e77b000a87de66ee3935edbf5
SHA1: ba24d5de831911b684c92cd289ed5ff826271824

Identifiers

commons-logging-1.2.jar

Description: Apache Commons Logging is a thin adapter allowing configurable bridging to other, well known logging systems.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Tamara\.m2\repository\commons-logging\commons-logging\1.2\commons-logging-1.2.jar
MD5: 040b4b4d8eac886f6b4a2a3bd2f31b00
SHA1: 4bfc12adfe4842bf07b657f0369c4cb522955686

Identifiers

dom4j-1.6.1.jar

Description: dom4j: the flexible XML framework for Java

File Path: C:\Users\Tamara\.m2\repository\dom4j\dom4j\1.6.1\dom4j-1.6.1.jar
MD5: 4d8f51d3fe3900efc6e395be48030d6d
SHA1: 5d3ccc056b6f056dbf0dddfdf43894b9065a8f94

Identifiers

javax.annotation-api-1.2.jar

Description: Common Annotations for the JavaTM Platform API

License:

CDDL + GPLv2 with classpath exception: https://glassfish.dev.java.net/nonav/public/CDDL+GPL.html
File Path: C:\Users\Tamara\.m2\repository\javax\annotation\javax.annotation-api\1.2\javax.annotation-api-1.2.jar
MD5: 75fe320d2b3763bd6883ae1ede35e987
SHA1: 479c1e06db31c432330183f5cae684163f186146

Identifiers

jsr250-api-1.0.jar

Description: JSR-250 Reference Implementation by Glassfish

License:

COMMON DEVELOPMENT AND DISTRIBUTION LICENSE (CDDL) Version 1.0: https://glassfish.dev.java.net/public/CDDLv1.0.html
File Path: C:\Users\Tamara\.m2\repository\javax\annotation\jsr250-api\1.0\jsr250-api-1.0.jar
MD5: 4cd56b2e4977e541186de69f5126b4a6
SHA1: 5025422767732a1ab45d93abfea846513d742dcf

Identifiers

cdi-api-1.0.jar

Description: APIs for JSR-299: Contexts and Dependency Injection for Java EE

File Path: C:\Users\Tamara\.m2\repository\javax\enterprise\cdi-api\1.0\cdi-api-1.0.jar
MD5: 462c0959f0322016495f4598243bc0f2
SHA1: 44c453f60909dfc223552ace63e05c694215156b

Identifiers

javax.inject-1.jar

Description: The javax.inject API

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Tamara\.m2\repository\javax\inject\javax.inject\1\javax.inject-1.jar
MD5: 289075e48b909e9e74e6c915b3631d2e
SHA1: 6975da39a7040257bd51d21a231b76c915872d38

Identifiers

servlet-api-2.3.jar

File Path: C:\Users\Tamara\.m2\repository\javax\servlet\servlet-api\2.3\servlet-api-2.3.jar
MD5: c097f777c6fd453277c6891b3bb4dc09
SHA1: 0137a24e9f62973f01f16dd23fc1b5a9964fd9ef

Identifiers

javax.transaction-api-1.2.jar

Description: Project GlassFish Java Transaction API

License:

CDDL + GPLv2 with classpath exception: https://glassfish.dev.java.net/nonav/public/CDDL+GPL.html
File Path: C:\Users\Tamara\.m2\repository\javax\transaction\javax.transaction-api\1.2\javax.transaction-api-1.2.jar
MD5: 2dfee184286530e726ad155816e15b4c
SHA1: d81aff979d603edd90dcd8db2abc1f4ce6479e3e

Identifiers

validation-api-1.1.0.Final.jar

Description:  Bean Validation API

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Tamara\.m2\repository\javax\validation\validation-api\1.1.0.Final\validation-api-1.1.0.Final.jar
MD5: 4c257f52462860b62ab3cdab45f53082
SHA1: 8613ae82954779d518631e05daa73a6a954817d5

Identifiers

javax.ws.rs-api-2.0.1.jar

Description: Java API for RESTful Web Services (JAX-RS)

License:

CDDL 1.1: http://glassfish.java.net/public/CDDL+GPL_1_1.html
GPL2 w/ CPE: http://glassfish.java.net/public/CDDL+GPL_1_1.html
File Path: C:\Users\Tamara\.m2\repository\javax\ws\rs\javax.ws.rs-api\2.0.1\javax.ws.rs-api-2.0.1.jar
MD5: edcd111cf4d3ba8ac8e1f326efc37a17
SHA1: 104e9c2b5583cfcfeac0402316221648d6d8ea6b

Identifiers

jaxb-api-2.2.7.jar

Description: JAXB (JSR 222) API

License:

CDDL 1.1: https://glassfish.java.net/public/CDDL+GPL_1_1.html
GPL2 w/ CPE: https://glassfish.java.net/public/CDDL+GPL_1_1.html
File Path: C:\Users\Tamara\.m2\repository\javax\xml\bind\jaxb-api\2.2.7\jaxb-api-2.2.7.jar
MD5: ce4bb19d3cdad814b364545692118b63
SHA1: 2f51c4bb4724ea408096ee9100ff2827e07e5b7c

Identifiers

stax-api-1.0-2.jar

Description:  StAX is a standard XML processing API that allows you to stream XML data from and to your application.

License:

GNU General Public Library: http://www.gnu.org/licenses/gpl.txt
COMMON DEVELOPMENT AND DISTRIBUTION LICENSE (CDDL) Version 1.0: http://www.sun.com/cddl/cddl.html
File Path: C:\Users\Tamara\.m2\repository\javax\xml\stream\stax-api\1.0-2\stax-api-1.0-2.jar
MD5: 7d18b63063580284c3f5734081fdc99f
SHA1: d6337b0de8b25e53e81b922352fbea9f9f57ba0b

Identifiers

junit-3.8.1.jar

Description:  JUnit is a regression testing framework written by Erich Gamma and Kent Beck. It is used by the developer who implements unit tests in Java.

License:

Common Public License Version 1.0: http://www.opensource.org/licenses/cpl1.0.txt
File Path: C:\Users\Tamara\.m2\repository\junit\junit\3.8.1\junit-3.8.1.jar
MD5: 1f40fb782a4f2cf78f161d32670f7a3a
SHA1: 99129f16442844f6a4a11ae22fbbee40b14d774f

Identifiers

junit-3.8.2.jar

Description:  JUnit is a regression testing framework written by Erich Gamma and Kent Beck. It is used by the developer who implements unit tests in Java.

License:

Common Public License Version 1.0: http://www.opensource.org/licenses/cpl1.0.txt
File Path: C:\Users\Tamara\.m2\repository\junit\junit\3.8.2\junit-3.8.2.jar
MD5: 28e7eb9eeefe31a657c68755bfccc541
SHA1: 07e4cde26b53a9a0e3fe5b00d1dbbc7cc1d46060

Identifiers

junit-4.12.jar

Description: JUnit is a unit testing framework for Java, created by Erich Gamma and Kent Beck.

License:

Eclipse Public License 1.0: http://www.eclipse.org/legal/epl-v10.html
File Path: C:\Users\Tamara\.m2\repository\junit\junit\4.12\junit-4.12.jar
MD5: 5b38c40c97fbd0adee29f91e60405584
SHA1: 2973d150c0dc1fefe998f834810d68f278ea58ec

Identifiers

log4j-1.2.12.jar

File Path: C:\Users\Tamara\.m2\repository\log4j\log4j\1.2.12\log4j-1.2.12.jar
MD5: 223504f742addd3f631ed8bdf689f1c9
SHA1: 057b8740427ee6d7b0b60792751356cad17dc0d9

Identifiers

  • cpe: cpe:/a:apache:log4j:1.2.12   Confidence:LOW   
  • maven: log4j:log4j:1.2.12   Confidence:HIGHEST

log4j-1.2.17.jar

Description: Apache Log4j 1.2

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Tamara\.m2\repository\log4j\log4j\1.2.17\log4j-1.2.17.jar
MD5: 04a41f0a068986f0f73485cf507c0f40
SHA1: 5af35056b4d257e4b64b9e8069c0746e8b08629f

Identifiers

  • cpe: cpe:/a:apache:log4j:1.2.17   Confidence:LOW   
  • maven: log4j:log4j:1.2.17   Confidence:HIGHEST

logkit-1.0.1.jar

File Path: C:\Users\Tamara\.m2\repository\logkit\logkit\1.0.1\logkit-1.0.1.jar
MD5: 32240100a5c15d53f00392fae4b0aab7
SHA1: aaf5649b523c5ffc925e746074979150bb74bfdc

Identifiers

mysql-connector-java-5.1.41.jar

Description: MySQL JDBC Type 4 driver

License:

The GNU General Public License, Version 2: http://www.gnu.org/licenses/old-licenses/gpl-2.0.html
File Path: C:\Users\Tamara\.m2\repository\mysql\mysql-connector-java\5.1.41\mysql-connector-java-5.1.41.jar
MD5: eb844eb8920b73aebe8b89d06a6a648b
SHA1: b0878056f15616989144d6114d36d3942321d0d1

Identifiers

CVE-2014-0437  

Severity: Low
CVSS Score: 3.5 (AV:N/AC:M/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.

Vulnerable Software & Versions: (show all)

CVE-2014-0412  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.

Vulnerable Software & Versions: (show all)

CVE-2014-0402  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Locking.

Vulnerable Software & Versions: (show all)

CVE-2014-0401  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors.

Vulnerable Software & Versions: (show all)

CVE-2014-0393  

Severity: Low
CVSS Score: 3.3 (AV:N/AC:L/Au:M/C:N/I:P/A:N)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect integrity via unknown vectors related to InnoDB.

Vulnerable Software & Versions: (show all)

CVE-2014-0386  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.

Vulnerable Software & Versions: (show all)

CVE-2014-0001  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

Buffer overflow in client/mysql.cc in Oracle MySQL and MariaDB before 5.5.35 allows remote database servers to cause a denial of service (crash) and possibly execute arbitrary code via a long server version string.

Vulnerable Software & Versions: (show all)

CVE-2013-5908  

Severity: Low
CVSS Score: 2.6 (AV:N/AC:H/Au:N/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote attackers to affect availability via unknown vectors related to Error Handling.

Vulnerable Software & Versions: (show all)

CVE-2013-3808  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Options.

Vulnerable Software & Versions: (show all)

CVE-2013-3804  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.

Vulnerable Software & Versions: (show all)

CVE-2013-3802  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Full Text Search.

Vulnerable Software & Versions: (show all)

CVE-2013-2392  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.

Vulnerable Software & Versions: (show all)

CVE-2013-2391  

Severity: Low
CVSS Score: 3.0 (AV:L/AC:M/Au:S/C:P/I:P/A:N)

Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows local users to affect confidentiality and integrity via unknown vectors related to Server Install.

Vulnerable Software & Versions: (show all)

CVE-2013-2389  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.

Vulnerable Software & Versions: (show all)

CVE-2013-2378  

Severity: Medium
CVSS Score: 6.0 (AV:N/AC:M/Au:S/C:P/I:P/A:P)

Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier, 5.5.29 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Information Schema.

Vulnerable Software & Versions: (show all)

CVE-2013-1555  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier, and 5.5.29 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Partition.

Vulnerable Software & Versions: (show all)

CVE-2013-1552  

Severity: Medium
CVSS Score: 6.0 (AV:N/AC:M/Au:S/C:P/I:P/A:P)

Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.

Vulnerable Software & Versions: (show all)

CVE-2013-1548  

Severity: Low
CVSS Score: 3.5 (AV:N/AC:M/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in Oracle MySQL 5.1.63 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Types.

Vulnerable Software & Versions: (show all)

CVE-2013-1521  

Severity: Medium
CVSS Score: 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)

Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Server Locking.

Vulnerable Software & Versions: (show all)

CVE-2013-1506  

Severity: Low
CVSS Score: 2.8 (AV:N/AC:M/Au:M/C:N/I:N/A:P)

Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier, 5.5.29 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Locking.

Vulnerable Software & Versions: (show all)

CVE-2013-1492  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

Buffer overflow in yaSSL, as used in MySQL 5.1.x before 5.1.68 and 5.5.x before 5.5.30, has unspecified impact and attack vectors, a different vulnerability than CVE-2012-0553.

Vulnerable Software & Versions: (show all)

CVE-2013-0389  

Severity: Medium
CVSS Score: 6.8 (AV:N/AC:L/Au:S/C:N/I:N/A:C)

Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.

Vulnerable Software & Versions: (show all)

CVE-2013-0385  

Severity: Medium
CVSS Score: 6.6 (AV:L/AC:L/Au:N/C:C/I:C/A:N)

Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows local users to affect confidentiality and integrity via unknown vectors related to Server Replication.

Vulnerable Software & Versions: (show all)

CVE-2013-0384  

Severity: Medium
CVSS Score: 6.8 (AV:N/AC:L/Au:S/C:N/I:N/A:C)

Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Information Schema.

Vulnerable Software & Versions: (show all)

CVE-2013-0383  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)

Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote attackers to affect availability via unknown vectors related to Server Locking.

Vulnerable Software & Versions: (show all)

CVE-2013-0375  

Severity: Medium
CVSS Score: 5.5 (AV:N/AC:L/Au:S/C:P/I:P/A:N)
CWE: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.1.28 and earlier, allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Server Replication.

Vulnerable Software & Versions: (show all)

CVE-2012-5627  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:P/I:N/A:N)
CWE: CWE-255 Credentials Management

Oracle MySQL and MariaDB 5.5.x before 5.5.29, 5.3.x before 5.3.12, and 5.2.x before 5.2.14 does not modify the salt during multiple executions of the change_user command within the same connection which makes it easier for remote authenticated users to conduct brute force password guessing attacks.

Vulnerable Software & Versions: (show all)

CVE-2012-5060  

Severity: Medium
CVSS Score: 6.8 (AV:N/AC:L/Au:S/C:N/I:N/A:C)

Unspecified vulnerability in the Server component in Oracle MySQL 5.1.65 and earlier and 5.5.27 and earlier allows remote authenticated users to affect availability, related to GIS Extension.

Vulnerable Software & Versions: (show all)

CVE-2012-3197  

Severity: Low
CVSS Score: 3.5 (AV:N/AC:M/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Replication.

Vulnerable Software & Versions: (show all)

CVE-2012-3180  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier, and 5.5.27 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.

Vulnerable Software & Versions: (show all)

CVE-2012-3177  

Severity: Medium
CVSS Score: 6.8 (AV:N/AC:L/Au:S/C:N/I:N/A:C)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier, and 5.5.27 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server.

Vulnerable Software & Versions: (show all)

CVE-2012-3173  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.63 and earlier, and 5.5.25 and earlier, allows remote authenticated users to affect availability via unknown vectors related to InnoDB Plugin.

Vulnerable Software & Versions: (show all)

CVE-2012-3167  

Severity: Low
CVSS Score: 3.5 (AV:N/AC:M/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.63 and earlier, and 5.5.25 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Full Text Search.

Vulnerable Software & Versions: (show all)

CVE-2012-3166  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.63 and earlier, and 5.5.25 and earlier, allows remote authenticated users to affect availability via unknown vectors related to InnoDB.

Vulnerable Software & Versions: (show all)

CVE-2012-3163  

Severity: High
CVSS Score: 9.0 (AV:N/AC:L/Au:S/C:C/I:C/A:C)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Information Schema.

Vulnerable Software & Versions: (show all)

CVE-2012-3160  

Severity: Low
CVSS Score: 2.1 (AV:L/AC:L/Au:N/C:P/I:N/A:N)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier, and 5.5.27 and earlier, allows local users to affect confidentiality via unknown vectors related to Server Installation.

Vulnerable Software & Versions: (show all)

CVE-2012-3158  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Protocol.

Vulnerable Software & Versions: (show all)

CVE-2012-3150  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.

Vulnerable Software & Versions: (show all)

CVE-2012-2749  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors

MySQL 5.1.x before 5.1.63 and 5.5.x before 5.5.24 allows remote authenticated users to cause a denial of service (mysqld crash) via vectors related to incorrect calculation and a sort order index.

Vulnerable Software & Versions: (show all)

CVE-2012-2102  

Severity: Low
CVSS Score: 3.5 (AV:N/AC:M/Au:S/C:N/I:N/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

MySQL 5.1.x before 5.1.62 and 5.5.x before 5.5.22 allows remote authenticated users to cause a denial of service (assertion failure and mysqld abort) by deleting a record and using HANDLER READ NEXT.

Vulnerable Software & Versions: (show all)

CVE-2012-1734  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier, and 5.5.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.

Vulnerable Software & Versions: (show all)

CVE-2012-1705  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.

Vulnerable Software & Versions: (show all)

CVE-2012-1703  

Severity: Medium
CVSS Score: 6.8 (AV:N/AC:L/Au:S/C:N/I:N/A:C)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.61 and earlier, and 5.5.21 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer, a different vulnerability than CVE-2012-1690.

Vulnerable Software & Versions: (show all)

CVE-2012-1702  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote attackers to affect availability via unknown vectors.

Vulnerable Software & Versions: (show all)

CVE-2012-1697  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.21 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition.

Vulnerable Software & Versions: (show all)

CVE-2012-1696  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.19 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.

Vulnerable Software & Versions: (show all)

CVE-2012-1690  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.61 and earlier, and 5.5.21 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer, a different vulnerability than CVE-2012-1703.

Vulnerable Software & Versions: (show all)

CVE-2012-1689  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier, and 5.5.22 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.

Vulnerable Software & Versions: (show all)

CVE-2012-1688  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.61 and earlier, and 5.5.21 and earlier, allows remote authenticated users to affect availability, related to Server DML.

Vulnerable Software & Versions: (show all)

CVE-2012-0882  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

Buffer overflow in yaSSL, as used in MySQL 5.5.20 and possibly other versions including 5.5.x before 5.5.22 and 5.1.x before 5.1.62, allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by VulnDisco Pack Professional 9.17. NOTE: as of 20120224, this disclosure has no actionable information. However, because the module author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. NOTE: due to lack of details, it is not clear whether this issue is a duplicate of CVE-2012-0492 or another CVE.

Vulnerable Software & Versions: (show all)

CVE-2012-0583  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.60 and earlier, and 5.5.19 and earlier, allows remote authenticated users to affect availability, related to MyISAM.

Vulnerable Software & Versions: (show all)

CVE-2012-0574  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote authenticated users to affect availability via unknown vectors.

Vulnerable Software & Versions: (show all)

CVE-2012-0572  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.

Vulnerable Software & Versions: (show all)

CVE-2012-0553  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

Buffer overflow in yaSSL, as used in MySQL 5.1.x before 5.1.68 and 5.5.x before 5.5.28, has unspecified impact and attack vectors, a different vulnerability than CVE-2013-1492.

Vulnerable Software & Versions: (show all)

CVE-2012-0540  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier and 5.5.23 and earlier allows remote authenticated users to affect availability, related to GIS Extension.

Vulnerable Software & Versions: (show all)

CVE-2012-0492  

Severity: Low
CVSS Score: 2.1 (AV:N/AC:H/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0115, CVE-2012-0119, CVE-2012-0120, and CVE-2012-0485.

Vulnerable Software & Versions: (show all)

CVE-2012-0490  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows remote authenticated users to affect availability via unknown vectors.

Vulnerable Software & Versions: (show all)

CVE-2012-0485  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0115, CVE-2012-0119, CVE-2012-0120, and CVE-2012-0492.

Vulnerable Software & Versions: (show all)

CVE-2012-0484  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:P/I:N/A:N)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows remote authenticated users to affect confidentiality via unknown vectors.

Vulnerable Software & Versions: (show all)

CVE-2012-0120  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0115, CVE-2012-0119, CVE-2012-0485, and CVE-2012-0492.

Vulnerable Software & Versions: (show all)

CVE-2012-0119  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0115, CVE-2012-0120, CVE-2012-0485, and CVE-2012-0492.

Vulnerable Software & Versions: (show all)

CVE-2012-0118  

Severity: Medium
CVSS Score: 4.9 (AV:N/AC:M/Au:S/C:P/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect confidentiality and availability via unknown vectors, a different vulnerability than CVE-2012-0113.

Vulnerable Software & Versions: (show all)

CVE-2012-0116  

Severity: Medium
CVSS Score: 4.9 (AV:N/AC:M/Au:S/C:P/I:P/A:N)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect confidentiality and integrity via unknown vectors.

Vulnerable Software & Versions: (show all)

CVE-2012-0115  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0119, CVE-2012-0120, CVE-2012-0485, and CVE-2012-0492.

Vulnerable Software & Versions: (show all)

CVE-2012-0114  

Severity: Low
CVSS Score: 3.0 (AV:L/AC:M/Au:S/C:P/I:P/A:N)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows local users to affect confidentiality and integrity via unknown vectors.

Vulnerable Software & Versions: (show all)

CVE-2012-0113  

Severity: Medium
CVSS Score: 5.5 (AV:N/AC:L/Au:S/C:P/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect confidentiality and availability via unknown vectors, a different vulnerability than CVE-2012-0118.

Vulnerable Software & Versions: (show all)

CVE-2012-0112  

Severity: Low
CVSS Score: 3.5 (AV:N/AC:M/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0115, CVE-2012-0119, CVE-2012-0120, CVE-2012-0485, and CVE-2012-0492.

Vulnerable Software & Versions: (show all)

CVE-2012-0102  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x and 5.1.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0087 and CVE-2012-0101.

Vulnerable Software & Versions: (show all)

CVE-2012-0101  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x and 5.1.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0087 and CVE-2012-0102.

Vulnerable Software & Versions: (show all)

CVE-2012-0087  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x and 5.1.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0101 and CVE-2012-0102.

Vulnerable Software & Versions: (show all)

CVE-2012-0075  

Severity: Low
CVSS Score: 1.7 (AV:N/AC:H/Au:M/C:N/I:P/A:N)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows remote authenticated users to affect integrity via unknown vectors.

Vulnerable Software & Versions: (show all)

CVE-2011-2262  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote attackers to affect availability via unknown vectors.

Vulnerable Software & Versions: (show all)

CVE-2010-3840  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

The Gis_line_string::init_from_wkb function in sql/spatial.cc in MySQL 5.1 before 5.1.51 allows remote authenticated users to cause a denial of service (server crash) by calling the PolyFromWKB function with Well-Known Binary (WKB) data containing a crafted number of (1) line strings or (2) line points.

Vulnerable Software & Versions: (show all)

CVE-2010-3839  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

MySQL 5.1 before 5.1.51 and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (infinite loop) via multiple invocations of a (1) prepared statement or (2) stored procedure that creates a query with nested JOIN statements.

Vulnerable Software & Versions: (show all)

CVE-2010-3838  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via a query that uses the (1) GREATEST or (2) LEAST function with a mixed list of numeric and LONGBLOB arguments, which is not properly handled when the function's result is "processed using an intermediate temporary table."

Vulnerable Software & Versions: (show all)

CVE-2010-3837  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors

MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via a prepared statement that uses GROUP_CONCAT with the WITH ROLLUP modifier, probably triggering a use-after-free error when a copied object is modified in a way that also affects the original object.

Vulnerable Software & Versions: (show all)

CVE-2010-3836  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors

MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (assertion failure and server crash) via vectors related to view preparation, pre-evaluation of LIKE predicates, and IN Optimizers.

Vulnerable Software & Versions: (show all)

CVE-2010-3835  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-189 Numeric Errors

MySQL 5.1 before 5.1.51 and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (mysqld server crash) by performing a user-variable assignment in a logical expression that is calculated and stored in a temporary table for GROUP BY, then causing the expression value to be used after the table is created, which causes the expression to be re-evaluated instead of accessing its value from the table.

Vulnerable Software & Versions: (show all)

CVE-2010-3834  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via vectors related to "materializing a derived table that required a temporary table for grouping" and "user variable assignments."

Vulnerable Software & Versions: (show all)

CVE-2010-3833  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors

MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 does not properly propagate type errors, which allows remote attackers to cause a denial of service (server crash) via crafted arguments to extreme-value functions such as (1) LEAST and (2) GREATEST, related to KILL_BAD_DATA and a "CREATE TABLE ... SELECT."

Vulnerable Software & Versions: (show all)

CVE-2010-3683  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Oracle MySQL 5.1 before 5.1.49 and 5.5 before 5.5.5 sends an OK packet when a LOAD DATA INFILE request generates SQL errors, which allows remote authenticated users to cause a denial of service (mysqld daemon crash) via a crafted request.

Vulnerable Software & Versions: (show all)

CVE-2010-3682  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Oracle MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by using EXPLAIN with crafted "SELECT ... UNION ... ORDER BY (SELECT ... WHERE ...)" statements, which triggers a NULL pointer dereference in the Item_singlerow_subselect::store function.

Vulnerable Software & Versions: (show all)

CVE-2010-3681  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Oracle MySQL 5.1 before 5.1.49 and 5.5 before 5.5.5 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by using the HANDLER interface and performing "alternate reads from two indexes on a table," which triggers an assertion failure.

Vulnerable Software & Versions: (show all)

CVE-2010-3680  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by creating temporary tables with nullable columns while using InnoDB, which triggers an assertion failure.

Vulnerable Software & Versions: (show all)

CVE-2010-3679  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors

Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (mysqld daemon crash) via certain arguments to the BINLOG command, which triggers an access of uninitialized memory, as demonstrated by valgrind.

Vulnerable Software & Versions: (show all)

CVE-2010-3678  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors

Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (crash) via (1) IN or (2) CASE operations with NULL arguments that are explicitly specified or indirectly provided by the WITH ROLLUP modifier.

Vulnerable Software & Versions: (show all)

CVE-2010-3677  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors

Oracle MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote authenticated users to cause a denial of service (mysqld daemon crash) via a join query that uses a table with a unique SET column.

Vulnerable Software & Versions: (show all)

CVE-2010-3676  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

storage/innobase/dict/dict0crea.c in mysqld in Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (assertion failure) by modifying the (1) innodb_file_format or (2) innodb_file_per_table configuration parameters for the InnoDB storage engine, then executing a DDL statement.

Vulnerable Software & Versions: (show all)

CVE-2010-2008  

Severity: Low
CVSS Score: 3.5 (AV:N/AC:M/Au:S/C:N/I:N/A:P)
CWE: CWE-20 Improper Input Validation

MySQL before 5.1.48 allows remote authenticated users with alter database privileges to cause a denial of service (server crash and database loss) via an ALTER DATABASE command with a #mysql50# string followed by a . (dot), .. (dot dot), ../ (dot dot slash) or similar sequence, and an UPGRADE DATA DIRECTORY NAME command, which causes MySQL to move certain directories to the server data directory.

Vulnerable Software & Versions: (show all)

CVE-2010-1850  

Severity: Medium
CVSS Score: 6.0 (AV:N/AC:M/Au:S/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

Buffer overflow in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote authenticated users to execute arbitrary code via a COM_FIELD_LIST command with a long table name.

Vulnerable Software & Versions: (show all)

CVE-2010-1849  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

The my_net_skip_rest function in sql/net_serv.cc in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by sending a large number of packets that exceed the maximum length.

Vulnerable Software & Versions: (show all)

CVE-2010-1848  

Severity: Medium
CVSS Score: 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Directory traversal vulnerability in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote authenticated users to bypass intended table grants to read field definitions of arbitrary tables, and on 5.1 to read or delete content of arbitrary tables, via a .. (dot dot) in a table name.

Vulnerable Software & Versions: (show all)

CVE-2010-1626  

Severity: Low
CVSS Score: 3.6 (AV:L/AC:L/Au:N/C:N/I:P/A:P)
CWE: CWE-59 Improper Link Resolution Before File Access ('Link Following')

MySQL before 5.1.46 allows local users to delete the data and index files of another user's MyISAM table via a symlink attack in conjunction with the DROP TABLE command, a different vulnerability than CVE-2008-4098 and CVE-2008-7247.

Vulnerable Software & Versions: (show all)

CVE-2010-1621  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)
CWE: CWE-264 Permissions, Privileges, and Access Controls

The mysql_uninstall_plugin function in sql/sql_plugin.cc in MySQL 5.1 before 5.1.46 does not check privileges before uninstalling a plugin, which allows remote attackers to uninstall arbitrary plugins via the UNINSTALL PLUGIN command.

Vulnerable Software & Versions:

CVE-2009-5026  

Severity: Medium
CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

The executable comment feature in MySQL 5.0.x before 5.0.93 and 5.1.x before 5.1.50, when running in certain slave configurations in which the slave is running a newer version than the master, allows remote attackers to execute arbitrary SQL commands via custom comments.

Vulnerable Software & Versions: (show all)

CVE-2008-4098  

Severity: Medium
CVSS Score: 4.6 (AV:N/AC:H/Au:S/C:P/I:P/A:P)
CWE: CWE-59 Improper Link Resolution Before File Access ('Link Following')

MySQL before 5.0.67 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL home data directory. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4097.

Vulnerable Software & Versions: (show all)

CVE-2008-2079  

Severity: Medium
CVSS Score: 4.6 (AV:N/AC:H/Au:S/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls

MySQL 4.1.x before 4.1.24, 5.0.x before 5.0.60, 5.1.x before 5.1.24, and 6.0.x before 6.0.5 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are within the MySQL home data directory, which can point to tables that are created in the future.

Vulnerable Software & Versions: (show all)

CVE-2008-0226  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

Multiple buffer overflows in yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products, allow remote attackers to execute arbitrary code via (1) the ProcessOldClientHello function in handshake.cpp or (2) "input_buffer& operator>>" in yassl_imp.cpp.

Vulnerable Software & Versions: (show all)

mysql-connector-java-5.1.42.jar

Description: MySQL JDBC Type 4 driver

License:

The GNU General Public License, Version 2: http://www.gnu.org/licenses/old-licenses/gpl-2.0.html
File Path: C:\Users\Tamara\.m2\repository\mysql\mysql-connector-java\5.1.42\mysql-connector-java-5.1.42.jar
MD5: 803783e5c40c911c92d4b6b5ea324912
SHA1: 80a448a3ec2178b649bb2e3cb3610fab06e11669

Identifiers

CVE-2014-0437  

Severity: Low
CVSS Score: 3.5 (AV:N/AC:M/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.

Vulnerable Software & Versions: (show all)

CVE-2014-0412  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.

Vulnerable Software & Versions: (show all)

CVE-2014-0402  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Locking.

Vulnerable Software & Versions: (show all)

CVE-2014-0401  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors.

Vulnerable Software & Versions: (show all)

CVE-2014-0393  

Severity: Low
CVSS Score: 3.3 (AV:N/AC:L/Au:M/C:N/I:P/A:N)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect integrity via unknown vectors related to InnoDB.

Vulnerable Software & Versions: (show all)

CVE-2014-0386  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.

Vulnerable Software & Versions: (show all)

CVE-2014-0001  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

Buffer overflow in client/mysql.cc in Oracle MySQL and MariaDB before 5.5.35 allows remote database servers to cause a denial of service (crash) and possibly execute arbitrary code via a long server version string.

Vulnerable Software & Versions: (show all)

CVE-2013-5908  

Severity: Low
CVSS Score: 2.6 (AV:N/AC:H/Au:N/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote attackers to affect availability via unknown vectors related to Error Handling.

Vulnerable Software & Versions: (show all)

CVE-2013-3808  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Options.

Vulnerable Software & Versions: (show all)

CVE-2013-3804  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.

Vulnerable Software & Versions: (show all)

CVE-2013-3802  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Full Text Search.

Vulnerable Software & Versions: (show all)

CVE-2013-2392  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.

Vulnerable Software & Versions: (show all)

CVE-2013-2391  

Severity: Low
CVSS Score: 3.0 (AV:L/AC:M/Au:S/C:P/I:P/A:N)

Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows local users to affect confidentiality and integrity via unknown vectors related to Server Install.

Vulnerable Software & Versions: (show all)

CVE-2013-2389  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.

Vulnerable Software & Versions: (show all)

CVE-2013-2378  

Severity: Medium
CVSS Score: 6.0 (AV:N/AC:M/Au:S/C:P/I:P/A:P)

Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier, 5.5.29 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Information Schema.

Vulnerable Software & Versions: (show all)

CVE-2013-1555  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier, and 5.5.29 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Partition.

Vulnerable Software & Versions: (show all)

CVE-2013-1552  

Severity: Medium
CVSS Score: 6.0 (AV:N/AC:M/Au:S/C:P/I:P/A:P)

Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.

Vulnerable Software & Versions: (show all)

CVE-2013-1548  

Severity: Low
CVSS Score: 3.5 (AV:N/AC:M/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in Oracle MySQL 5.1.63 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Types.

Vulnerable Software & Versions: (show all)

CVE-2013-1521  

Severity: Medium
CVSS Score: 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)

Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Server Locking.

Vulnerable Software & Versions: (show all)

CVE-2013-1506  

Severity: Low
CVSS Score: 2.8 (AV:N/AC:M/Au:M/C:N/I:N/A:P)

Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier, 5.5.29 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Locking.

Vulnerable Software & Versions: (show all)

CVE-2013-1492  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

Buffer overflow in yaSSL, as used in MySQL 5.1.x before 5.1.68 and 5.5.x before 5.5.30, has unspecified impact and attack vectors, a different vulnerability than CVE-2012-0553.

Vulnerable Software & Versions: (show all)

CVE-2013-0389  

Severity: Medium
CVSS Score: 6.8 (AV:N/AC:L/Au:S/C:N/I:N/A:C)

Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.

Vulnerable Software & Versions: (show all)

CVE-2013-0385  

Severity: Medium
CVSS Score: 6.6 (AV:L/AC:L/Au:N/C:C/I:C/A:N)

Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows local users to affect confidentiality and integrity via unknown vectors related to Server Replication.

Vulnerable Software & Versions: (show all)

CVE-2013-0384  

Severity: Medium
CVSS Score: 6.8 (AV:N/AC:L/Au:S/C:N/I:N/A:C)

Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Information Schema.

Vulnerable Software & Versions: (show all)

CVE-2013-0383  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)

Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote attackers to affect availability via unknown vectors related to Server Locking.

Vulnerable Software & Versions: (show all)

CVE-2013-0375  

Severity: Medium
CVSS Score: 5.5 (AV:N/AC:L/Au:S/C:P/I:P/A:N)
CWE: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.1.28 and earlier, allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Server Replication.

Vulnerable Software & Versions: (show all)

CVE-2012-5627  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:P/I:N/A:N)
CWE: CWE-255 Credentials Management

Oracle MySQL and MariaDB 5.5.x before 5.5.29, 5.3.x before 5.3.12, and 5.2.x before 5.2.14 does not modify the salt during multiple executions of the change_user command within the same connection which makes it easier for remote authenticated users to conduct brute force password guessing attacks.

Vulnerable Software & Versions: (show all)

CVE-2012-5060  

Severity: Medium
CVSS Score: 6.8 (AV:N/AC:L/Au:S/C:N/I:N/A:C)

Unspecified vulnerability in the Server component in Oracle MySQL 5.1.65 and earlier and 5.5.27 and earlier allows remote authenticated users to affect availability, related to GIS Extension.

Vulnerable Software & Versions: (show all)

CVE-2012-3197  

Severity: Low
CVSS Score: 3.5 (AV:N/AC:M/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Replication.

Vulnerable Software & Versions: (show all)

CVE-2012-3180  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier, and 5.5.27 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.

Vulnerable Software & Versions: (show all)

CVE-2012-3177  

Severity: Medium
CVSS Score: 6.8 (AV:N/AC:L/Au:S/C:N/I:N/A:C)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier, and 5.5.27 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server.

Vulnerable Software & Versions: (show all)

CVE-2012-3173  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.63 and earlier, and 5.5.25 and earlier, allows remote authenticated users to affect availability via unknown vectors related to InnoDB Plugin.

Vulnerable Software & Versions: (show all)

CVE-2012-3167  

Severity: Low
CVSS Score: 3.5 (AV:N/AC:M/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.63 and earlier, and 5.5.25 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Full Text Search.

Vulnerable Software & Versions: (show all)

CVE-2012-3166  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.63 and earlier, and 5.5.25 and earlier, allows remote authenticated users to affect availability via unknown vectors related to InnoDB.

Vulnerable Software & Versions: (show all)

CVE-2012-3163  

Severity: High
CVSS Score: 9.0 (AV:N/AC:L/Au:S/C:C/I:C/A:C)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Information Schema.

Vulnerable Software & Versions: (show all)

CVE-2012-3160  

Severity: Low
CVSS Score: 2.1 (AV:L/AC:L/Au:N/C:P/I:N/A:N)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier, and 5.5.27 and earlier, allows local users to affect confidentiality via unknown vectors related to Server Installation.

Vulnerable Software & Versions: (show all)

CVE-2012-3158  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Protocol.

Vulnerable Software & Versions: (show all)

CVE-2012-3150  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.

Vulnerable Software & Versions: (show all)

CVE-2012-2749  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors

MySQL 5.1.x before 5.1.63 and 5.5.x before 5.5.24 allows remote authenticated users to cause a denial of service (mysqld crash) via vectors related to incorrect calculation and a sort order index.

Vulnerable Software & Versions: (show all)

CVE-2012-2102  

Severity: Low
CVSS Score: 3.5 (AV:N/AC:M/Au:S/C:N/I:N/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

MySQL 5.1.x before 5.1.62 and 5.5.x before 5.5.22 allows remote authenticated users to cause a denial of service (assertion failure and mysqld abort) by deleting a record and using HANDLER READ NEXT.

Vulnerable Software & Versions: (show all)

CVE-2012-1734  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier, and 5.5.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.

Vulnerable Software & Versions: (show all)

CVE-2012-1705  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.

Vulnerable Software & Versions: (show all)

CVE-2012-1703  

Severity: Medium
CVSS Score: 6.8 (AV:N/AC:L/Au:S/C:N/I:N/A:C)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.61 and earlier, and 5.5.21 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer, a different vulnerability than CVE-2012-1690.

Vulnerable Software & Versions: (show all)

CVE-2012-1702  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote attackers to affect availability via unknown vectors.

Vulnerable Software & Versions: (show all)

CVE-2012-1697  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.21 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition.

Vulnerable Software & Versions: (show all)

CVE-2012-1696  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.19 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.

Vulnerable Software & Versions: (show all)

CVE-2012-1690  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.61 and earlier, and 5.5.21 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer, a different vulnerability than CVE-2012-1703.

Vulnerable Software & Versions: (show all)

CVE-2012-1689  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier, and 5.5.22 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.

Vulnerable Software & Versions: (show all)

CVE-2012-1688  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.61 and earlier, and 5.5.21 and earlier, allows remote authenticated users to affect availability, related to Server DML.

Vulnerable Software & Versions: (show all)

CVE-2012-0882  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

Buffer overflow in yaSSL, as used in MySQL 5.5.20 and possibly other versions including 5.5.x before 5.5.22 and 5.1.x before 5.1.62, allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by VulnDisco Pack Professional 9.17. NOTE: as of 20120224, this disclosure has no actionable information. However, because the module author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. NOTE: due to lack of details, it is not clear whether this issue is a duplicate of CVE-2012-0492 or another CVE.

Vulnerable Software & Versions: (show all)

CVE-2012-0583  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.60 and earlier, and 5.5.19 and earlier, allows remote authenticated users to affect availability, related to MyISAM.

Vulnerable Software & Versions: (show all)

CVE-2012-0574  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote authenticated users to affect availability via unknown vectors.

Vulnerable Software & Versions: (show all)

CVE-2012-0572  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.

Vulnerable Software & Versions: (show all)

CVE-2012-0553  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

Buffer overflow in yaSSL, as used in MySQL 5.1.x before 5.1.68 and 5.5.x before 5.5.28, has unspecified impact and attack vectors, a different vulnerability than CVE-2013-1492.

Vulnerable Software & Versions: (show all)

CVE-2012-0540  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier and 5.5.23 and earlier allows remote authenticated users to affect availability, related to GIS Extension.

Vulnerable Software & Versions: (show all)

CVE-2012-0492  

Severity: Low
CVSS Score: 2.1 (AV:N/AC:H/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0115, CVE-2012-0119, CVE-2012-0120, and CVE-2012-0485.

Vulnerable Software & Versions: (show all)

CVE-2012-0490  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows remote authenticated users to affect availability via unknown vectors.

Vulnerable Software & Versions: (show all)

CVE-2012-0485  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0115, CVE-2012-0119, CVE-2012-0120, and CVE-2012-0492.

Vulnerable Software & Versions: (show all)

CVE-2012-0484  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:P/I:N/A:N)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows remote authenticated users to affect confidentiality via unknown vectors.

Vulnerable Software & Versions: (show all)

CVE-2012-0120  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0115, CVE-2012-0119, CVE-2012-0485, and CVE-2012-0492.

Vulnerable Software & Versions: (show all)

CVE-2012-0119  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0115, CVE-2012-0120, CVE-2012-0485, and CVE-2012-0492.

Vulnerable Software & Versions: (show all)

CVE-2012-0118  

Severity: Medium
CVSS Score: 4.9 (AV:N/AC:M/Au:S/C:P/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect confidentiality and availability via unknown vectors, a different vulnerability than CVE-2012-0113.

Vulnerable Software & Versions: (show all)

CVE-2012-0116  

Severity: Medium
CVSS Score: 4.9 (AV:N/AC:M/Au:S/C:P/I:P/A:N)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect confidentiality and integrity via unknown vectors.

Vulnerable Software & Versions: (show all)

CVE-2012-0115  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0119, CVE-2012-0120, CVE-2012-0485, and CVE-2012-0492.

Vulnerable Software & Versions: (show all)

CVE-2012-0114  

Severity: Low
CVSS Score: 3.0 (AV:L/AC:M/Au:S/C:P/I:P/A:N)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows local users to affect confidentiality and integrity via unknown vectors.

Vulnerable Software & Versions: (show all)

CVE-2012-0113  

Severity: Medium
CVSS Score: 5.5 (AV:N/AC:L/Au:S/C:P/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect confidentiality and availability via unknown vectors, a different vulnerability than CVE-2012-0118.

Vulnerable Software & Versions: (show all)

CVE-2012-0112  

Severity: Low
CVSS Score: 3.5 (AV:N/AC:M/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0115, CVE-2012-0119, CVE-2012-0120, CVE-2012-0485, and CVE-2012-0492.

Vulnerable Software & Versions: (show all)

CVE-2012-0102  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x and 5.1.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0087 and CVE-2012-0101.

Vulnerable Software & Versions: (show all)

CVE-2012-0101  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x and 5.1.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0087 and CVE-2012-0102.

Vulnerable Software & Versions: (show all)

CVE-2012-0087  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x and 5.1.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0101 and CVE-2012-0102.

Vulnerable Software & Versions: (show all)

CVE-2012-0075  

Severity: Low
CVSS Score: 1.7 (AV:N/AC:H/Au:M/C:N/I:P/A:N)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows remote authenticated users to affect integrity via unknown vectors.

Vulnerable Software & Versions: (show all)

CVE-2011-2262  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote attackers to affect availability via unknown vectors.

Vulnerable Software & Versions: (show all)

CVE-2010-3840  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

The Gis_line_string::init_from_wkb function in sql/spatial.cc in MySQL 5.1 before 5.1.51 allows remote authenticated users to cause a denial of service (server crash) by calling the PolyFromWKB function with Well-Known Binary (WKB) data containing a crafted number of (1) line strings or (2) line points.

Vulnerable Software & Versions: (show all)

CVE-2010-3839  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

MySQL 5.1 before 5.1.51 and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (infinite loop) via multiple invocations of a (1) prepared statement or (2) stored procedure that creates a query with nested JOIN statements.

Vulnerable Software & Versions: (show all)

CVE-2010-3838  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via a query that uses the (1) GREATEST or (2) LEAST function with a mixed list of numeric and LONGBLOB arguments, which is not properly handled when the function's result is "processed using an intermediate temporary table."

Vulnerable Software & Versions: (show all)

CVE-2010-3837  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors

MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via a prepared statement that uses GROUP_CONCAT with the WITH ROLLUP modifier, probably triggering a use-after-free error when a copied object is modified in a way that also affects the original object.

Vulnerable Software & Versions: (show all)

CVE-2010-3836  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors

MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (assertion failure and server crash) via vectors related to view preparation, pre-evaluation of LIKE predicates, and IN Optimizers.

Vulnerable Software & Versions: (show all)

CVE-2010-3835  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-189 Numeric Errors

MySQL 5.1 before 5.1.51 and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (mysqld server crash) by performing a user-variable assignment in a logical expression that is calculated and stored in a temporary table for GROUP BY, then causing the expression value to be used after the table is created, which causes the expression to be re-evaluated instead of accessing its value from the table.

Vulnerable Software & Versions: (show all)

CVE-2010-3834  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via vectors related to "materializing a derived table that required a temporary table for grouping" and "user variable assignments."

Vulnerable Software & Versions: (show all)

CVE-2010-3833  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors

MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 does not properly propagate type errors, which allows remote attackers to cause a denial of service (server crash) via crafted arguments to extreme-value functions such as (1) LEAST and (2) GREATEST, related to KILL_BAD_DATA and a "CREATE TABLE ... SELECT."

Vulnerable Software & Versions: (show all)

CVE-2010-3683  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Oracle MySQL 5.1 before 5.1.49 and 5.5 before 5.5.5 sends an OK packet when a LOAD DATA INFILE request generates SQL errors, which allows remote authenticated users to cause a denial of service (mysqld daemon crash) via a crafted request.

Vulnerable Software & Versions: (show all)

CVE-2010-3682  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Oracle MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by using EXPLAIN with crafted "SELECT ... UNION ... ORDER BY (SELECT ... WHERE ...)" statements, which triggers a NULL pointer dereference in the Item_singlerow_subselect::store function.

Vulnerable Software & Versions: (show all)

CVE-2010-3681  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Oracle MySQL 5.1 before 5.1.49 and 5.5 before 5.5.5 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by using the HANDLER interface and performing "alternate reads from two indexes on a table," which triggers an assertion failure.

Vulnerable Software & Versions: (show all)

CVE-2010-3680  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by creating temporary tables with nullable columns while using InnoDB, which triggers an assertion failure.

Vulnerable Software & Versions: (show all)

CVE-2010-3679  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors

Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (mysqld daemon crash) via certain arguments to the BINLOG command, which triggers an access of uninitialized memory, as demonstrated by valgrind.

Vulnerable Software & Versions: (show all)

CVE-2010-3678  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors

Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (crash) via (1) IN or (2) CASE operations with NULL arguments that are explicitly specified or indirectly provided by the WITH ROLLUP modifier.

Vulnerable Software & Versions: (show all)

CVE-2010-3677  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors

Oracle MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote authenticated users to cause a denial of service (mysqld daemon crash) via a join query that uses a table with a unique SET column.

Vulnerable Software & Versions: (show all)

CVE-2010-3676  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

storage/innobase/dict/dict0crea.c in mysqld in Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (assertion failure) by modifying the (1) innodb_file_format or (2) innodb_file_per_table configuration parameters for the InnoDB storage engine, then executing a DDL statement.

Vulnerable Software & Versions: (show all)

CVE-2010-2008  

Severity: Low
CVSS Score: 3.5 (AV:N/AC:M/Au:S/C:N/I:N/A:P)
CWE: CWE-20 Improper Input Validation

MySQL before 5.1.48 allows remote authenticated users with alter database privileges to cause a denial of service (server crash and database loss) via an ALTER DATABASE command with a #mysql50# string followed by a . (dot), .. (dot dot), ../ (dot dot slash) or similar sequence, and an UPGRADE DATA DIRECTORY NAME command, which causes MySQL to move certain directories to the server data directory.

Vulnerable Software & Versions: (show all)

CVE-2010-1850  

Severity: Medium
CVSS Score: 6.0 (AV:N/AC:M/Au:S/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

Buffer overflow in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote authenticated users to execute arbitrary code via a COM_FIELD_LIST command with a long table name.

Vulnerable Software & Versions: (show all)

CVE-2010-1849  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

The my_net_skip_rest function in sql/net_serv.cc in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by sending a large number of packets that exceed the maximum length.

Vulnerable Software & Versions: (show all)

CVE-2010-1848  

Severity: Medium
CVSS Score: 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Directory traversal vulnerability in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote authenticated users to bypass intended table grants to read field definitions of arbitrary tables, and on 5.1 to read or delete content of arbitrary tables, via a .. (dot dot) in a table name.

Vulnerable Software & Versions: (show all)

CVE-2010-1626  

Severity: Low
CVSS Score: 3.6 (AV:L/AC:L/Au:N/C:N/I:P/A:P)
CWE: CWE-59 Improper Link Resolution Before File Access ('Link Following')

MySQL before 5.1.46 allows local users to delete the data and index files of another user's MyISAM table via a symlink attack in conjunction with the DROP TABLE command, a different vulnerability than CVE-2008-4098 and CVE-2008-7247.

Vulnerable Software & Versions: (show all)

CVE-2010-1621  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)
CWE: CWE-264 Permissions, Privileges, and Access Controls

The mysql_uninstall_plugin function in sql/sql_plugin.cc in MySQL 5.1 before 5.1.46 does not check privileges before uninstalling a plugin, which allows remote attackers to uninstall arbitrary plugins via the UNINSTALL PLUGIN command.

Vulnerable Software & Versions:

CVE-2009-5026  

Severity: Medium
CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

The executable comment feature in MySQL 5.0.x before 5.0.93 and 5.1.x before 5.1.50, when running in certain slave configurations in which the slave is running a newer version than the master, allows remote attackers to execute arbitrary SQL commands via custom comments.

Vulnerable Software & Versions: (show all)

CVE-2008-4098  

Severity: Medium
CVSS Score: 4.6 (AV:N/AC:H/Au:S/C:P/I:P/A:P)
CWE: CWE-59 Improper Link Resolution Before File Access ('Link Following')

MySQL before 5.0.67 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL home data directory. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4097.

Vulnerable Software & Versions: (show all)

CVE-2008-2079  

Severity: Medium
CVSS Score: 4.6 (AV:N/AC:H/Au:S/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls

MySQL 4.1.x before 4.1.24, 5.0.x before 5.0.60, 5.1.x before 5.1.24, and 6.0.x before 6.0.5 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are within the MySQL home data directory, which can point to tables that are created in the future.

Vulnerable Software & Versions: (show all)

CVE-2008-0226  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

Multiple buffer overflows in yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products, allow remote attackers to execute arbitrary code via (1) the ProcessOldClientHello function in handshake.cpp or (2) "input_buffer& operator>>" in yassl_imp.cpp.

Vulnerable Software & Versions: (show all)

accessors-smart-1.1.jar

Description: Java reflect give poor performance on getter setter an constructor calls, accessors-smart use ASM to speed up those calls.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Tamara\.m2\repository\net\minidev\accessors-smart\1.1\accessors-smart-1.1.jar
MD5: b75cda0d7dadff9e6c20f4e7f3c3bc82
SHA1: a527213f2fea112a04c9bdf0ec0264e34104cd08

Identifiers

json-smart-2.2.1.jar

Description:  JSON (JavaScript Object Notation) is a lightweight data-interchange format. It is easy for humans to read and write. It is easy for machines to parse and generate. It is based on a subset of the JavaScript Programming Language, Standard ECMA-262 3rd Edition - December 1999. JSON is a text format that is completely language independent but uses conventions that are familiar to programmers of the C-family of languages, including C, C++, C#, Java, JavaScript, Perl, Python, and many others. These properties make JSON an ideal data-interchange language.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Tamara\.m2\repository\net\minidev\json-smart\2.2.1\json-smart-2.2.1.jar
MD5: 4c82c537eb0ba92adad494283711cc11
SHA1: 5b9e5df7a62d1279b70dc882b041d249c4f0b002

Identifiers

commons-compress-1.9.jar

Description:  Apache Commons Compress software defines an API for working with compression and archive formats. These include: bzip2, gzip, pack200, lzma, xz, Snappy, traditional Unix Compress, DEFLATE and ar, cpio, jar, tar, zip, dump, 7z, arj.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Tamara\.m2\repository\org\apache\commons\commons-compress\1.9\commons-compress-1.9.jar
MD5: 6c9ce8534b9e4c17e5dea7a97425245c
SHA1: cc18955ff1e36d5abd39a14bfe82b19154330a34

Identifiers

commons-lang3-3.1.jar

Description:  Commons Lang, a package of Java utility classes for the classes that are in java.lang's hierarchy, or are considered to be so standard as to justify existence in java.lang.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Tamara\.m2\repository\org\apache\commons\commons-lang3\3.1\commons-lang3-3.1.jar
MD5: 71b48e6b3e1b1dc73fe705604b9c7584
SHA1: 905075e6c80f206bbe6cf1e809d2caa69f420c76

Identifiers

cxf-core-3.1.11.jar

Description: Apache CXF Core

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Tamara\.m2\repository\org\apache\cxf\cxf-core\3.1.11\cxf-core-3.1.11.jar
MD5: 1dd451cd633941cbb7e9ccaee991667a
SHA1: caadef0efbe228b45d41fea91eb4a2928983676c

Identifiers

CVE-2012-5786  

Severity: Medium
CVSS Score: 5.8 (AV:N/AC:M/Au:N/C:P/I:P/A:N)
CWE: CWE-20 Improper Input Validation

The wsdl_first_https sample code in distribution/src/main/release/samples/wsdl_first_https/src/main/ in Apache CXF, possibly 2.6.0, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

Vulnerable Software & Versions: (show all)

httpclient-4.5.3.jar

Description:  Apache HttpComponents Client

File Path: C:\Users\Tamara\.m2\repository\org\apache\httpcomponents\httpclient\4.5.3\httpclient-4.5.3.jar
MD5: 1965ebb7aca0f9f8faaed3870d8cf689
SHA1: d1577ae15f01ef5438c5afc62162457c00a34713

Identifiers

httpcore-4.4.6.jar

Description:  Apache HttpComponents Core (blocking I/O)

File Path: C:\Users\Tamara\.m2\repository\org\apache\httpcomponents\httpcore\4.4.6\httpcore-4.4.6.jar
MD5: a9fbd503e0802507efeeaffb56bbdf52
SHA1: e3fd8ced1f52c7574af952e2e6da0df8df08eb82

Identifiers

httpmime-4.5.3.jar

Description:  Apache HttpComponents HttpClient - MIME coded entities

File Path: C:\Users\Tamara\.m2\repository\org\apache\httpcomponents\httpmime\4.5.3\httpmime-4.5.3.jar
MD5: a00b6287cab2ad554ae3cbdbe983dc88
SHA1: 889fd6d061bb63b99dd5c6aba35a555ae863de52

Identifiers

maven-archetype-quickstart-1.1.jar

File Path: C:\Users\Tamara\.m2\repository\org\apache\maven\archetypes\maven-archetype-quickstart\1.1\maven-archetype-quickstart-1.1.jar
MD5: 2645540a64e26dc77899b0c930654dd4
SHA1: 9afa09bd00c13b383393f67aa1e2bb8f912820fa

Identifiers

doxia-logging-api-1.1.jar

Description: Doxia Logging API.

File Path: C:\Users\Tamara\.m2\repository\org\apache\maven\doxia\doxia-logging-api\1.1\doxia-logging-api-1.1.jar
MD5: 8e93b74b3fb7353322069d4c996c7887
SHA1: c8fe274396e40452ca3e6121f6dd00220b210d48

Identifiers

doxia-sink-api-1.0-alpha-7.jar

File Path: C:\Users\Tamara\.m2\repository\org\apache\maven\doxia\doxia-sink-api\1.0-alpha-7\doxia-sink-api-1.0-alpha-7.jar
MD5: 9fc562ffc147b9f2228be67efdca1749
SHA1: 68464d54384c35119c70684d5d609b64635d1bbd

Identifiers

doxia-sink-api-1.1.jar

Description: Doxia Sink API.

File Path: C:\Users\Tamara\.m2\repository\org\apache\maven\doxia\doxia-sink-api\1.1\doxia-sink-api-1.1.jar
MD5: 83936a5b87b5a2ead35c8987d984b14a
SHA1: 9fc15c69e09a14fd07acba7300009eff6e692a44

Identifiers

maven-aether-provider-3.2.1.jar

Description: Extensions to Aether for utilizing Maven POM and repository metadata.

File Path: C:\Users\Tamara\.m2\repository\org\apache\maven\maven-aether-provider\3.2.1\maven-aether-provider-3.2.1.jar
MD5: 56f135570d1c4cb8665ae21b72ff5b54
SHA1: ab57cafec4e9c2650df963d83cb173d311fcadf0

Identifiers

maven-archiver-2.6.jar

Description: Provides utility methods for creating JARs and other archive files from a Maven project.

File Path: C:\Users\Tamara\.m2\repository\org\apache\maven\maven-archiver\2.6\maven-archiver-2.6.jar
MD5: 52bf42f0ae7ff5f0075e631f76e83f4f
SHA1: e0f87fd4d03b9f0c09908c4d0c398acd501a11d8

Identifiers

maven-artifact-manager-2.0.6.jar

File Path: C:\Users\Tamara\.m2\repository\org\apache\maven\maven-artifact-manager\2.0.6\maven-artifact-manager-2.0.6.jar
MD5: b5a0500e4c194796ac59175f64ae7029
SHA1: dc326c3a989c10618e09a7b77cadeff297591942

Identifiers

maven-artifact-manager-2.0.8.jar

File Path: C:\Users\Tamara\.m2\repository\org\apache\maven\maven-artifact-manager\2.0.8\maven-artifact-manager-2.0.8.jar
MD5: 23e0851880be1408bef15e64055582b4
SHA1: bb5ba069e3460450b139075b91f27f7bd4007877

Identifiers

maven-artifact-manager-2.0.9.jar

File Path: C:\Users\Tamara\.m2\repository\org\apache\maven\maven-artifact-manager\2.0.9\maven-artifact-manager-2.0.9.jar
MD5: 4940bb2f80c2c36f4b16250bbf383247
SHA1: 53224a5254101fb9b6d561d5a53c6d0817036d94

Identifiers

maven-artifact-manager-2.2.1.jar

File Path: C:\Users\Tamara\.m2\repository\org\apache\maven\maven-artifact-manager\2.2.1\maven-artifact-manager-2.2.1.jar
MD5: f3e76a8a83f422a900886543c48914f7
SHA1: ec355b913c34d37080810f98e3f51abecbe1572b

Identifiers

maven-artifact-2.0.6.jar

File Path: C:\Users\Tamara\.m2\repository\org\apache\maven\maven-artifact\2.0.6\maven-artifact-2.0.6.jar
MD5: c719aad6745c191a9ac643d82f42dd95
SHA1: fcbf6e26a6d26ecaa25c199b6f16bf168b2f28dc

Identifiers

maven-artifact-2.0.9.jar

File Path: C:\Users\Tamara\.m2\repository\org\apache\maven\maven-artifact\2.0.9\maven-artifact-2.0.9.jar
MD5: c6f1bcc526bc0958dee6cd0fbc9a8dbe
SHA1: 66f0c8baa789fffdf54924cf395b26bbc2130435

Identifiers

maven-artifact-2.2.1.jar

File Path: C:\Users\Tamara\.m2\repository\org\apache\maven\maven-artifact\2.2.1\maven-artifact-2.2.1.jar
MD5: 7b7613fd5db72967269abe7ab50b76e9
SHA1: 23600f790d4dab2cb965419eaa982e3e84c428f8

Identifiers

maven-artifact-3.1.1.jar

File Path: C:\Users\Tamara\.m2\repository\org\apache\maven\maven-artifact\3.1.1\maven-artifact-3.1.1.jar
MD5: 32f4cdfe73cccb1af3e5624a2406431c
SHA1: dbd94f0744545e17caa51db6fc493fc736361837

Identifiers

maven-compat-3.0.jar

File Path: C:\Users\Tamara\.m2\repository\org\apache\maven\maven-compat\3.0\maven-compat-3.0.jar
MD5: da4b5aceab7166994e066570cd5737be
SHA1: 475f94b86858a1d4660c4b4523aa3362f28d9317

Identifiers

maven-core-2.0.6.jar

File Path: C:\Users\Tamara\.m2\repository\org\apache\maven\maven-core\2.0.6\maven-core-2.0.6.jar
MD5: 274e632a842ad71d6432476744d7904a
SHA1: 33b78ed70029bfca9fadee5c8e7c9b27b9a39443

Identifiers

maven-core-2.0.9.jar

File Path: C:\Users\Tamara\.m2\repository\org\apache\maven\maven-core\2.0.9\maven-core-2.0.9.jar
MD5: 2f1d9ed5ae3c725349ab00e68a1c1933
SHA1: e1003a0a66dae77515259c5e591ea1cfd73c2859

Identifiers

maven-core-2.2.1.jar

File Path: C:\Users\Tamara\.m2\repository\org\apache\maven\maven-core\2.2.1\maven-core-2.2.1.jar
MD5: 7538cd62a04a378d4c1944e26c793164
SHA1: 6f488e461188496c62e161f32160b3465ce5901e

Identifiers

maven-core-3.1.1.jar

Description: Maven Core classes.

File Path: C:\Users\Tamara\.m2\repository\org\apache\maven\maven-core\3.1.1\maven-core-3.1.1.jar
MD5: f4c6ef84a6e712a1374b42139daa0784
SHA1: ab7a9b58a1a4dec17facebda058d1da2a34871ff

Identifiers

maven-error-diagnostics-2.0.6.jar

Description: Provides a manager component which will process a given Throwable instance through a set of diagnostic sub-components, and return a String message with user-friendly information about the error and possibly how to fix it.

File Path: C:\Users\Tamara\.m2\repository\org\apache\maven\maven-error-diagnostics\2.0.6\maven-error-diagnostics-2.0.6.jar
MD5: dbdd37b19cc76d3030294a041b7da02c
SHA1: 49f5380c07a79cd91ee09e0cb9063764f1f6525c

Identifiers

maven-error-diagnostics-2.0.9.jar

Description: Provides a manager component which will process a given Throwable instance through a set of diagnostic sub-components, and return a String message with user-friendly information about the error and possibly how to fix it.

File Path: C:\Users\Tamara\.m2\repository\org\apache\maven\maven-error-diagnostics\2.0.9\maven-error-diagnostics-2.0.9.jar
MD5: 4f80b83469f44cb07f6fbc3f9c2ebede
SHA1: 46cc6b69beebc7bbf59c4f3842f72f2c1942e8e5

Identifiers

maven-error-diagnostics-2.2.1.jar

Description: Provides a manager component which will process a given Throwable instance through a set of diagnostic sub-components, and return a String message with user-friendly information about the error and possibly how to fix it.

File Path: C:\Users\Tamara\.m2\repository\org\apache\maven\maven-error-diagnostics\2.2.1\maven-error-diagnostics-2.2.1.jar
MD5: 8eaa64d20f32c0b0c1beb9739bbb5fe3
SHA1: e81bb342d7d172f23d108dc8fa979a1facdcde8e

Identifiers

maven-model-builder-3.1.1.jar

Description: The effective model builder, with inheritance, profile activation, interpolation, ...

File Path: C:\Users\Tamara\.m2\repository\org\apache\maven\maven-model-builder\3.1.1\maven-model-builder-3.1.1.jar
MD5: 7447b3f33c6201f92dedbf5b4059bb4c
SHA1: 5fb53c92da84ebeff403414b667611d6bcd477cf

Identifiers

maven-model-2.0.6.jar

Description: Maven Model

File Path: C:\Users\Tamara\.m2\repository\org\apache\maven\maven-model\2.0.6\maven-model-2.0.6.jar
MD5: a73547055286eb7f5c24ba540be92894
SHA1: 9649253c0e68a453f388e0a308c0653309f87807

Identifiers

maven-model-2.0.9.jar

Description: Maven Model

File Path: C:\Users\Tamara\.m2\repository\org\apache\maven\maven-model\2.0.9\maven-model-2.0.9.jar
MD5: 05fc405395b7dfdd0300929fb2a16bf2
SHA1: 9fb844625928dd992842e180853fbb2b197c9a9d

Identifiers

maven-model-2.2.1.jar

Description: Maven Model

File Path: C:\Users\Tamara\.m2\repository\org\apache\maven\maven-model\2.2.1\maven-model-2.2.1.jar
MD5: b269f663e3440e40be4b696d9b7c2260
SHA1: c0a1c17436ec3ff5a56207c031d82277b4250a29

Identifiers

maven-model-3.1.1.jar

Description: Model for Maven POM (Project Object Model)

File Path: C:\Users\Tamara\.m2\repository\org\apache\maven\maven-model\3.1.1\maven-model-3.1.1.jar
MD5: 242061dd2741386ecef6fc26ef523215
SHA1: ccf79a1a63ef35de038a4226a952175c4e9f4f59

Identifiers

maven-monitor-2.0.6.jar

File Path: C:\Users\Tamara\.m2\repository\org\apache\maven\maven-monitor\2.0.6\maven-monitor-2.0.6.jar
MD5: f8b3e5aeef81506b436ac21aa4ebd4bc
SHA1: ab682e67281bb025980181c83acbcad19042a342

Identifiers

maven-monitor-2.0.9.jar

File Path: C:\Users\Tamara\.m2\repository\org\apache\maven\maven-monitor\2.0.9\maven-monitor-2.0.9.jar
MD5: c79613db7f94706db9ec11b772e97e51
SHA1: ae55264ab9ffbbfdba08c8c7853bbe4a2dd32e8a

Identifiers

maven-monitor-2.2.1.jar

File Path: C:\Users\Tamara\.m2\repository\org\apache\maven\maven-monitor\2.2.1\maven-monitor-2.2.1.jar
MD5: 396e401208090417e0f18ad2b1bccd92
SHA1: afc57c3a1368cd34caccb638e00523701f398c20

Identifiers

maven-plugin-api-2.0.1.jar

File Path: C:\Users\Tamara\.m2\repository\org\apache\maven\maven-plugin-api\2.0.1\maven-plugin-api-2.0.1.jar
MD5: 1d1173b5486d89e5daccf2dea36ef01a
SHA1: fa8134698dbb25d95db444b772504020cfcee10c

Identifiers

maven-plugin-api-2.0.6.jar

File Path: C:\Users\Tamara\.m2\repository\org\apache\maven\maven-plugin-api\2.0.6\maven-plugin-api-2.0.6.jar
MD5: c0f1e4fb6ded2e1b6f072314500ac353
SHA1: 52b32fd980c8ead7a3858d057330bda1ace72d9d

Identifiers

maven-plugin-api-2.0.9.jar

File Path: C:\Users\Tamara\.m2\repository\org\apache\maven\maven-plugin-api\2.0.9\maven-plugin-api-2.0.9.jar
MD5: 09a279f8115f712946ecb81f8c372325
SHA1: 8b8cae9daa688fdb57995c6835a3e24475d554c0

Identifiers

maven-plugin-api-3.1.1.jar

Description: The API for plugins - Mojos - development.

File Path: C:\Users\Tamara\.m2\repository\org\apache\maven\maven-plugin-api\3.1.1\maven-plugin-api-3.1.1.jar
MD5: 0f0d7bc9468f3c41463a539051e72d8d
SHA1: 3836a4ea31ca2d1531aa250127bc17e6e876d658

Identifiers

maven-plugin-descriptor-2.0.6.jar

File Path: C:\Users\Tamara\.m2\repository\org\apache\maven\maven-plugin-descriptor\2.0.6\maven-plugin-descriptor-2.0.6.jar
MD5: 327e6b4446e76ed1bf3a99f998ec16b0
SHA1: 30a00f4ef12d3901c4f842de99e9363e3743245f

Identifiers

maven-plugin-descriptor-2.0.9.jar

File Path: C:\Users\Tamara\.m2\repository\org\apache\maven\maven-plugin-descriptor\2.0.9\maven-plugin-descriptor-2.0.9.jar
MD5: e9793555557d308a0e32b57d4d82c6cc
SHA1: 10443d038cd57feb4a027e7dfe09bed0925a1953

Identifiers

maven-plugin-descriptor-2.2.1.jar

File Path: C:\Users\Tamara\.m2\repository\org\apache\maven\maven-plugin-descriptor\2.2.1\maven-plugin-descriptor-2.2.1.jar
MD5: f28d3a50552a8d2943587638f5f01455
SHA1: 68d20ae3c40c4664dc52be90338af796db7ffb32

Identifiers

maven-plugin-parameter-documenter-2.0.6.jar

File Path: C:\Users\Tamara\.m2\repository\org\apache\maven\maven-plugin-parameter-documenter\2.0.6\maven-plugin-parameter-documenter-2.0.6.jar
MD5: 33cbd7c01a1d83225def9ea3901dea3d
SHA1: df6fa6c4adb313cb8937ffae96368bec1fd5d13d

Identifiers

maven-plugin-parameter-documenter-2.0.9.jar

File Path: C:\Users\Tamara\.m2\repository\org\apache\maven\maven-plugin-parameter-documenter\2.0.9\maven-plugin-parameter-documenter-2.0.9.jar
MD5: 12bdfe4c6a1f42ea8c8062293fa18741
SHA1: f481e2677384f6a0ab96633567d736e70657e042

Identifiers

maven-plugin-parameter-documenter-2.2.1.jar

File Path: C:\Users\Tamara\.m2\repository\org\apache\maven\maven-plugin-parameter-documenter\2.2.1\maven-plugin-parameter-documenter-2.2.1.jar
MD5: 8ba54f6e61f1b07ec7076bd27d3eaa9c
SHA1: 1a117baac49437fc5a6fcd9f18f779e6bad4207e

Identifiers

maven-plugin-registry-2.0.6.jar

File Path: C:\Users\Tamara\.m2\repository\org\apache\maven\maven-plugin-registry\2.0.6\maven-plugin-registry-2.0.6.jar
MD5: 397c32613fb87aa3597822f7bd1a10a7
SHA1: 4242ec8629b4797387751379f57e72cb718aac7a

Identifiers

maven-plugin-registry-2.0.8.jar

File Path: C:\Users\Tamara\.m2\repository\org\apache\maven\maven-plugin-registry\2.0.8\maven-plugin-registry-2.0.8.jar
MD5: 5117e37cb02fb9adaf173868b6a48536
SHA1: 37385b508a04d77575c6b5542b88bd96f5257541

Identifiers

maven-plugin-registry-2.0.9.jar

File Path: C:\Users\Tamara\.m2\repository\org\apache\maven\maven-plugin-registry\2.0.9\maven-plugin-registry-2.0.9.jar
MD5: 1f00b6993350f474c5ba3d2f216454f9
SHA1: a7172a87a7cb901cf6df4df9fd89a3c2d3f8a770

Identifiers

maven-plugin-registry-2.2.1.jar

File Path: C:\Users\Tamara\.m2\repository\org\apache\maven\maven-plugin-registry\2.2.1\maven-plugin-registry-2.2.1.jar
MD5: 46a27ab81d327e3f5fd1d3e435fe2aad
SHA1: 72a24b7775649af78f3986b5aa7eb354b9674cfd

Identifiers

maven-profile-2.0.6.jar

File Path: C:\Users\Tamara\.m2\repository\org\apache\maven\maven-profile\2.0.6\maven-profile-2.0.6.jar
MD5: 55a264a0d89e84074bd6b54738bdb539
SHA1: f03cd3820d2b4d60b93ccd17a1c14e8eeef63f79

Identifiers

maven-profile-2.0.8.jar

File Path: C:\Users\Tamara\.m2\repository\org\apache\maven\maven-profile\2.0.8\maven-profile-2.0.8.jar
MD5: 70e5ea5d77b39aed07c2473f9f9e6e97
SHA1: 4da3b9551606437a80bdc695c4fafde03a037ab9

Identifiers

maven-profile-2.0.9.jar

File Path: C:\Users\Tamara\.m2\repository\org\apache\maven\maven-profile\2.0.9\maven-profile-2.0.9.jar
MD5: e1478a4633fef786e33e2717681fe199
SHA1: 0b9b02df9134bff9edb4f4e1624243d005895234

Identifiers

maven-profile-2.2.1.jar

File Path: C:\Users\Tamara\.m2\repository\org\apache\maven\maven-profile\2.2.1\maven-profile-2.2.1.jar
MD5: 53dd14e28aaad4bd5dd379dfdbf46a4c
SHA1: 3950071587027e5086e9c395574a60650c432738

Identifiers

maven-project-2.0.6.jar

Description: This library is used to not only read Maven project object model files, but to assemble inheritence and to retrieve remote models as required.

File Path: C:\Users\Tamara\.m2\repository\org\apache\maven\maven-project\2.0.6\maven-project-2.0.6.jar
MD5: c0261a3f01afc3f720b13d67eb3bf448
SHA1: c0df764cd8f5bac660bfa53fa97fdd53663ee308

Identifiers

maven-project-2.0.8.jar

Description: This library is used to not only read Maven project object model files, but to assemble inheritence and to retrieve remote models as required.

File Path: C:\Users\Tamara\.m2\repository\org\apache\maven\maven-project\2.0.8\maven-project-2.0.8.jar
MD5: 18f6eb03145aa8d63d98abe227978170
SHA1: 00475a52c7181930b1680fce3269245ccc26e3de

Identifiers

maven-project-2.0.9.jar

Description: This library is used to not only read Maven project object model files, but to assemble inheritence and to retrieve remote models as required.

File Path: C:\Users\Tamara\.m2\repository\org\apache\maven\maven-project\2.0.9\maven-project-2.0.9.jar
MD5: 5f83007173bd07249b00420ebbd813b0
SHA1: 30ec37813df5a212888a1f3df0b27497ecef4ad8

Identifiers

maven-project-2.2.1.jar

Description: This library is used to not only read Maven project object model files, but to assemble inheritence and to retrieve remote models as required.

File Path: C:\Users\Tamara\.m2\repository\org\apache\maven\maven-project\2.2.1\maven-project-2.2.1.jar
MD5: 8f9382d7c0c120e94c2aaf8bbe817b6f
SHA1: 8239e98c16f641d55a4ad0e0bab0aee3aff8933f

Identifiers

maven-repository-metadata-2.0.6.jar

Description: Maven Plugin Mapping

File Path: C:\Users\Tamara\.m2\repository\org\apache\maven\maven-repository-metadata\2.0.6\maven-repository-metadata-2.0.6.jar
MD5: c0d62f5257816b463c4638aa4057c891
SHA1: ae64379396d2eba33616ce1e0a458c3a744b317b

Identifiers

maven-repository-metadata-2.0.9.jar

Description: Maven Plugin Mapping

File Path: C:\Users\Tamara\.m2\repository\org\apache\maven\maven-repository-metadata\2.0.9\maven-repository-metadata-2.0.9.jar
MD5: 566d26822d3f3fc8e6a884cd6809d70e
SHA1: dd79022a827b1d577865d5c97f8ad0c7d6b067b7

Identifiers

maven-repository-metadata-2.2.1.jar

Description: Per-directory repository metadata.

File Path: C:\Users\Tamara\.m2\repository\org\apache\maven\maven-repository-metadata\2.2.1\maven-repository-metadata-2.2.1.jar
MD5: c426b243119831168af2fbd767254f59
SHA1: 98f0c07fcf1eeb213bef8d9316a9935184084b06

Identifiers

maven-repository-metadata-3.1.1.jar

Description: Per-directory local and remote repository metadata.

File Path: C:\Users\Tamara\.m2\repository\org\apache\maven\maven-repository-metadata\3.1.1\maven-repository-metadata-3.1.1.jar
MD5: 04ac2c679942b4e4d6140dcbad09c153
SHA1: ef5bccf2a7a22a326c8fe94e1d56f6f15419bedd

Identifiers

maven-settings-builder-3.1.1.jar

Description: The effective settings builder, with inheritance and password decryption.

File Path: C:\Users\Tamara\.m2\repository\org\apache\maven\maven-settings-builder\3.1.1\maven-settings-builder-3.1.1.jar
MD5: 78e94e8af3ebba1b54e06dc30f3a499d
SHA1: e2d5e96ea4bbd4fc463dbb76d07dd8aefac05e3c

Identifiers

maven-settings-2.0.6.jar

File Path: C:\Users\Tamara\.m2\repository\org\apache\maven\maven-settings\2.0.6\maven-settings-2.0.6.jar
MD5: 2f7740bafacc2493f9b813af45d1ae35
SHA1: 5da16cf9def50e3a352cd7e8923a49ebd72003b8

Identifiers

maven-settings-2.0.9.jar

File Path: C:\Users\Tamara\.m2\repository\org\apache\maven\maven-settings\2.0.9\maven-settings-2.0.9.jar
MD5: 6a19eb17efdb4e0c1dd65c32e87b1019
SHA1: ab8d338c00fab0db29af358ab0676c3c02d7329f

Identifiers

maven-settings-2.2.1.jar

File Path: C:\Users\Tamara\.m2\repository\org\apache\maven\maven-settings\2.2.1\maven-settings-2.2.1.jar
MD5: 7c3dcffd55434a860339dba78f0c165a
SHA1: 2236ffe71fa5f78ce42b0f5fc22c54ed45f14294

Identifiers

maven-settings-3.1.1.jar

Description: Maven Settings model.

File Path: C:\Users\Tamara\.m2\repository\org\apache\maven\maven-settings\3.1.1\maven-settings-3.1.1.jar
MD5: 6c3d69b07dca9143cae8b63090ba7d1f
SHA1: 311d38cf15ec7f5c713985862632db91b7a827af

Identifiers

maven-toolchain-1.0.jar

File Path: C:\Users\Tamara\.m2\repository\org\apache\maven\maven-toolchain\1.0\maven-toolchain-1.0.jar
MD5: fe52e10c1e277686f0b8492585771d98
SHA1: 1ff4a3f5869f68dfa05562a84e7a5d510d909608

Identifiers

maven-antrun-plugin-1.3.jar

Description: Runs Ant scripts embedded in the POM

File Path: C:\Users\Tamara\.m2\repository\org\apache\maven\plugins\maven-antrun-plugin\1.3\maven-antrun-plugin-1.3.jar
MD5: d1cd013909700b1e9d42b8bae0503d70
SHA1: a1481166aa4a16c3a37e65f40847e238cc878709

Identifiers

maven-assembly-plugin-2.2-beta-5.jar

Description: A Maven 2 plugin to create archives of your project's sources, classes, dependencies etc. from flexible assembly descriptors.

File Path: C:\Users\Tamara\.m2\repository\org\apache\maven\plugins\maven-assembly-plugin\2.2-beta-5\maven-assembly-plugin-2.2-beta-5.jar
MD5: 369b5f7cc9bdd267b78cbc9bfaaee436
SHA1: b1fd2e4dea47cb9c2858d26ad0aa608b802d34e2

Identifiers

maven-clean-plugin-2.5.jar

Description:  The Maven Clean Plugin is a plugin that removes files generated at build-time in a project's directory.

File Path: C:\Users\Tamara\.m2\repository\org\apache\maven\plugins\maven-clean-plugin\2.5\maven-clean-plugin-2.5.jar
MD5: 9a18e4d3f6e6495ed92b7d4694b41e66
SHA1: 75653decaefa85ca8114ff3a4f869bb2ee6d605d

Identifiers

maven-clean-plugin-2.6.1.jar

Description:  The Maven Clean Plugin is a plugin that removes files generated at build-time in a project's directory.

File Path: C:\Users\Tamara\.m2\repository\org\apache\maven\plugins\maven-clean-plugin\2.6.1\maven-clean-plugin-2.6.1.jar
MD5: 8dcc382dc49b8156a676b1074b4aacfe
SHA1: bfdf7d6c2f8fc8759457e9d54f458ba56ac7b30f

Identifiers

maven-compiler-plugin-3.1.jar

Description: The Compiler Plugin is used to compile the sources of your project.

File Path: C:\Users\Tamara\.m2\repository\org\apache\maven\plugins\maven-compiler-plugin\3.1\maven-compiler-plugin-3.1.jar
MD5: 4a14a33ab69db9dadfb4d41449ebc651
SHA1: 9977a8d04e75609cf01badc4eb6a9c7198c4c5ea

Identifiers

maven-dependency-plugin-2.8.jar

Description: Provides utility goals to work with dependencies like copying, unpacking, analyzing, resolving and many more.

File Path: C:\Users\Tamara\.m2\repository\org\apache\maven\plugins\maven-dependency-plugin\2.8\maven-dependency-plugin-2.8.jar
MD5: 1dda6a8a4fcb804c82a39c2a2bbac6ab
SHA1: 04c8dedf3d9b2a3f45f3daa93e11ca547d2063ca

Identifiers

maven-deploy-plugin-2.7.jar

Description: Uploads the project artifacts to the internal remote repository.

File Path: C:\Users\Tamara\.m2\repository\org\apache\maven\plugins\maven-deploy-plugin\2.7\maven-deploy-plugin-2.7.jar
MD5: 6dda96c529a615853a71a3fdcd7b0e77
SHA1: 6dadfb75679ca010b41286794f737088ebfe12fd

Identifiers

maven-deploy-plugin-2.8.2.jar

Description: Uploads the project artifacts to the internal remote repository.

File Path: C:\Users\Tamara\.m2\repository\org\apache\maven\plugins\maven-deploy-plugin\2.8.2\maven-deploy-plugin-2.8.2.jar
MD5: c9f211a7ddbaae0583dde1408c48138a
SHA1: 3c2d83ecd387e9843142ae92a0439792c1500319

Identifiers

maven-help-plugin-2.2.jar

Description:  The Maven Help plugin provides goals aimed at helping to make sense out of the build environment. It includes the ability to view the effective POM and settings files, after inheritance and active profiles have been applied, as well as a describe a particular plugin goal to give usage information.

File Path: C:\Users\Tamara\.m2\repository\org\apache\maven\plugins\maven-help-plugin\2.2\maven-help-plugin-2.2.jar
MD5: 71ae3f213f69fb6b85ac4891f8d18484
SHA1: c8b771337bbe83860e351d2f594287d94aefc305

Identifiers

maven-install-plugin-2.4.jar

Description: Copies the project artifacts to the user's local repository.

File Path: C:\Users\Tamara\.m2\repository\org\apache\maven\plugins\maven-install-plugin\2.4\maven-install-plugin-2.4.jar
MD5: f5bb3c264487db208f3fcd71c3208d7d
SHA1: 9d1316166fe4c313f56276935e08df11f45267c2

Identifiers

maven-install-plugin-2.5.2.jar

Description: Copies the project artifacts to the user's local repository.

File Path: C:\Users\Tamara\.m2\repository\org\apache\maven\plugins\maven-install-plugin\2.5.2\maven-install-plugin-2.5.2.jar
MD5: 5d888555943fb34ffc35eac586e7747e
SHA1: 8a67631619fc3c1d1f036e59362ddce71e1e496f

Identifiers

maven-jar-plugin-2.4.jar

Description: Builds a Java Archive (JAR) file from the compiled project classes and resources.

File Path: C:\Users\Tamara\.m2\repository\org\apache\maven\plugins\maven-jar-plugin\2.4\maven-jar-plugin-2.4.jar
MD5: 0cdeb5ec79a2135a1eaa4718b087bbb1
SHA1: e3200bcf357b5c5e26df072d27df160546bb079a

Identifiers

maven-jar-plugin-2.6.jar

Description: Builds a Java Archive (JAR) file from the compiled project classes and resources.

File Path: C:\Users\Tamara\.m2\repository\org\apache\maven\plugins\maven-jar-plugin\2.6\maven-jar-plugin-2.6.jar
MD5: a96e43f51ae2520c93e491ff1c89d491
SHA1: 618f08d0fcdd3929af846ef1b65503b5904f93e3

Identifiers

maven-release-plugin-2.3.2.jar

Description: This plugin is used to release a project with Maven, saving a lot of repetitive, manual work.

File Path: C:\Users\Tamara\.m2\repository\org\apache\maven\plugins\maven-release-plugin\2.3.2\maven-release-plugin-2.3.2.jar
MD5: 08beb022e4cf36ccad791756c57a6c3b
SHA1: 1bf8cccad0d273db8deb88fe2368c0be96766855

Identifiers

maven-resources-plugin-2.6.jar

Description:  The Resources Plugin handles the copying of project resources to the output directory. There are two different kinds of resources: main resources and test resources. The difference is that the main resources are the resources associated to the main source code while the test resources are associated to the test source code. Thus, this allows the separation of resources for the main source code and its unit tests.

File Path: C:\Users\Tamara\.m2\repository\org\apache\maven\plugins\maven-resources-plugin\2.6\maven-resources-plugin-2.6.jar
MD5: e7cc4bbb6888e6c9dd5acdad08cf4bd3
SHA1: dd093ff6a4b680eae7ae83b5ab04310249fc6590

Identifiers

maven-shade-plugin-2.2.jar

Description:  Repackages the project classes together with their dependencies into a single uber-jar, optionally renaming classes or removing unused classes.

File Path: C:\Users\Tamara\.m2\repository\org\apache\maven\plugins\maven-shade-plugin\2.2\maven-shade-plugin-2.2.jar
MD5: df19051da7ce8de9bc4742d0b1051d21
SHA1: 71450816528f4565b853c6ab2e9d4451fc50e130

Identifiers

maven-site-plugin-3.3.jar

Description: The Maven Site Plugin is a plugin that generates a site for the current project.

File Path: C:\Users\Tamara\.m2\repository\org\apache\maven\plugins\maven-site-plugin\3.3\maven-site-plugin-3.3.jar
MD5: 0a4bf1cf2f7f6fef8479f5a4efb8f2e3
SHA1: 77ba1752b1ac4c4339d6f11554800960a56a4ae1

Identifiers

maven-site-plugin-3.5.1.jar

Description: The Maven Site Plugin is a plugin that generates a site for the current project.

File Path: C:\Users\Tamara\.m2\repository\org\apache\maven\plugins\maven-site-plugin\3.5.1\maven-site-plugin-3.5.1.jar
MD5: d8d82805807d877e5269f195b3809a0b
SHA1: 73b29fa407ee39cc62e80d6edcc4ec8078276408

Identifiers

maven-surefire-plugin-2.12.4.jar

File Path: C:\Users\Tamara\.m2\repository\org\apache\maven\plugins\maven-surefire-plugin\2.12.4\maven-surefire-plugin-2.12.4.jar
MD5: 39e2c062e476ffa7702354dcf3ed5730
SHA1: 2b435f7f77777d2e62354fdc690da3f1dc47a26b

Identifiers

maven-surefire-plugin-2.18.1.jar

File Path: C:\Users\Tamara\.m2\repository\org\apache\maven\plugins\maven-surefire-plugin\2.18.1\maven-surefire-plugin-2.18.1.jar
MD5: 32c355be4424c35f6aab5f6954b06011
SHA1: 402fd3066fd6d85ea4a1a3e7cd82a7e35037e6e8

Identifiers

maven-reporting-api-2.0.6.jar

File Path: C:\Users\Tamara\.m2\repository\org\apache\maven\reporting\maven-reporting-api\2.0.6\maven-reporting-api-2.0.6.jar
MD5: 1d29edd74852d0cfc1d65cfa89a68256
SHA1: 29ec352c90968c345b628be6c40ddfb5ec7010a8

Identifiers

maven-reporting-api-2.2.1.jar

File Path: C:\Users\Tamara\.m2\repository\org\apache\maven\reporting\maven-reporting-api\2.2.1\maven-reporting-api-2.2.1.jar
MD5: 5e680d893d92086dffd8cc42637ceb0f
SHA1: 61942e490c112f84b3a1a61572d570f369414939

Identifiers

maven-common-artifact-filters-1.4.jar

Description: A collection of ready-made filters to control inclusion/exclusion of artifacts during dependency resolution.

File Path: C:\Users\Tamara\.m2\repository\org\apache\maven\shared\maven-common-artifact-filters\1.4\maven-common-artifact-filters-1.4.jar
MD5: f349d565d928ff833dd1118ea565810e
SHA1: de97ff2efd804f06c3698a914f2d55205742bcc4

Identifiers

maven-dependency-tree-2.1.jar

Description: A tree-based API for resolution of Maven project dependencies

File Path: C:\Users\Tamara\.m2\repository\org\apache\maven\shared\maven-dependency-tree\2.1\maven-dependency-tree-2.1.jar
MD5: b992f12a1ec7c95d6c5956bbac5b9ffa
SHA1: 29c4d6aeae519809b9af0607156bbdd174efb0bb

Identifiers

maven-filtering-1.1.jar

Description: A component to assist in filtering of resource files with properties from a Maven project.

File Path: C:\Users\Tamara\.m2\repository\org\apache\maven\shared\maven-filtering\1.1\maven-filtering-1.1.jar
MD5: 3b5b0ada45051e5ab5052aecf3edfcc0
SHA1: c223ff4ef9e9b3b51b2c9310dda59527a4b85baf

Identifiers

maven-shared-incremental-1.1.jar

Description:  Various utility classes and plexus components for supporting incremental build functionality in maven plugins.

File Path: C:\Users\Tamara\.m2\repository\org\apache\maven\shared\maven-shared-incremental\1.1\maven-shared-incremental-1.1.jar
MD5: 8a48e08aa027a7ac33fcc85054512021
SHA1: 9d017a7584086755445c0a260dd9a1e9eae161a5

Identifiers

maven-shared-utils-0.1.jar

Description: Shared utils without any further dependencies

File Path: C:\Users\Tamara\.m2\repository\org\apache\maven\shared\maven-shared-utils\0.1\maven-shared-utils-0.1.jar
MD5: f3d7be3cea603eeb617655fb1b9df622
SHA1: 5366d4739b5239472598227e80b97ad57f5d95e4

Identifiers

maven-shared-utils-0.7.jar

Description: Shared utils without any further dependencies

File Path: C:\Users\Tamara\.m2\repository\org\apache\maven\shared\maven-shared-utils\0.7\maven-shared-utils-0.7.jar
MD5: 96ba4884a1c007e9c88cbc300fdada45
SHA1: 0704e679088765e7df5e1ef3eef400c4a061c9ef

Identifiers

wagon-provider-api-1.0-beta-6.jar

Description: Maven Wagon API that defines the contract between different Wagon implementations

File Path: C:\Users\Tamara\.m2\repository\org\apache\maven\wagon\wagon-provider-api\1.0-beta-6\wagon-provider-api-1.0-beta-6.jar
MD5: 63826e38e44f08e7935c1d173667ed8c
SHA1: 3f952e0282ae77ae59851d96bb18015e520b6208

Identifiers

xmlsec-1.4.5.jar

Description:  Apache Santuario supports XML-Signature Syntax and Processing, W3C Recommendation 12 February 2002, and XML Encryption Syntax and Processing, W3C Recommendation 10 December 2002. As of version 1.4, the Java library supports the standard Java API JSR-105: XML Digital Signature APIs.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Tamara\.m2\repository\org\apache\santuario\xmlsec\1.4.5\xmlsec-1.4.5.jar
MD5: 53ab7eba96041095a1ed4ac0363499bb
SHA1: bbf6ed865e4920a068e389f6fa2c0465aebaca7b

Identifiers

xmlsec-1.5.4.jar

Description:  Apache XML Security for Java supports XML-Signature Syntax and Processing, W3C Recommendation 12 February 2002, and XML Encryption Syntax and Processing, W3C Recommendation 10 December 2002. As of version 1.4, the library supports the standard Java API JSR-105: XML Digital Signature APIs.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Tamara\.m2\repository\org\apache\santuario\xmlsec\1.5.4\xmlsec-1.5.4.jar
MD5: c44d93d852fbac4c5097ae5d8e5c978b
SHA1: dff1ca1279fd24182ee530982927156256c02f8d

Identifiers

CVE-2013-4517  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors

Apache Santuario XML Security for Java before 1.5.6, when applying Transforms, allows remote attackers to cause a denial of service (memory consumption) via crafted Document Type Definitions (DTDs), related to signatures.

Vulnerable Software & Versions: (show all)

CVE-2013-2172  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-310 Cryptographic Issues

jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java in Apache Santuario XML Security for Java 1.4.x before 1.4.8 and 1.5.x before 1.5.5 allows context-dependent attackers to spoof an XML Signature by using the CanonicalizationMethod parameter to specify an arbitrary weak "canonicalization algorithm to apply to the SignedInfo part of the Signature."

Vulnerable Software & Versions: (show all)

xmlsec-1.5.6.jar

Description:  Apache XML Security for Java supports XML-Signature Syntax and Processing, W3C Recommendation 12 February 2002, and XML Encryption Syntax and Processing, W3C Recommendation 10 December 2002. As of version 1.4, the library supports the standard Java API JSR-105: XML Digital Signature APIs.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Tamara\.m2\repository\org\apache\santuario\xmlsec\1.5.6\xmlsec-1.5.6.jar
MD5: 592e0d74b5d62663ff1eb0ca95b410cc
SHA1: 0586cd437eaf166640b632eb6cfcfec2ebf52474

Identifiers

xmlsec-2.0.7.jar

Description:  Apache XML Security for Java supports XML-Signature Syntax and Processing, W3C Recommendation 12 February 2002, and XML Encryption Syntax and Processing, W3C Recommendation 10 December 2002. As of version 1.4, the library supports the standard Java API JSR-105: XML Digital Signature APIs.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Tamara\.m2\repository\org\apache\santuario\xmlsec\2.0.7\xmlsec-2.0.7.jar
MD5: 6105e54dd419b20ee397458974340240
SHA1: 58f340ddee6c7796ba0d8b0b359ccbeffe8d965d

Identifiers

solr-solrj-5.5.4.jar

Description: Apache Solr Solrj

File Path: C:\Users\Tamara\.m2\repository\org\apache\solr\solr-solrj\5.5.4\solr-solrj-5.5.4.jar
MD5: 0843db89c8e0b5aac990b9f9f2fed14a
SHA1: 0b6a9482376946fd1c0314d9e2de97fe830c651e

Identifiers

tomcat-embed-core-8.5.14.jar

Description: Core Tomcat implementation

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Tamara\.m2\repository\org\apache\tomcat\embed\tomcat-embed-core\8.5.14\tomcat-embed-core-8.5.14.jar
MD5: 2e7be3ef2d5347ef9719d16454019ec4
SHA1: 7ce577af04cadd7ab4b36f71503fc688d5d52ccf

Identifiers

CVE-2017-6056  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-19 Data Handling

It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop. The denial of service is easily achievable as a consequence of backporting a CVE-2016-6816 fix but not backporting the fix for Tomcat bug 57544. Distributions affected by this backporting issue include Debian (before 7.0.56-3+deb8u8 and 8.0.14-1+deb8u7 in jessie) and Ubuntu.

Vulnerable Software & Versions:

CVE-2017-5664  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)
CWE: CWE-254 Security Features

The error page mechanism of the Java Servlet Specification requires that, when an error occurs and an error page is configured for the error that occurred, the original request and response are forwarded to the error page. This means that the request is presented to the error page with the original HTTP method. If the error page is a static file, expected behaviour is to serve content of the file as if processing a GET request, regardless of the actual HTTP method. The Default Servlet in Apache Tomcat 9.0.0.M1 to 9.0.0.M20, 8.5.0 to 8.5.14, 8.0.0.RC1 to 8.0.43 and 7.0.0 to 7.0.77 did not do this. Depending on the original request this could lead to unexpected and undesirable results for static error pages including, if the DefaultServlet is configured to permit writes, the replacement or removal of the custom error page. Notes for other user provided error pages: (1) Unless explicitly coded otherwise, JSPs ignore the the HTTP method. JSPs used as error pages must must ensure that they handle any error dispatch as a GET request, regardless of the actual method. (2) By default, the response generated by a Servlet does depend on the HTTP method. Custom Servlets used as error pages must ensure that they handle any error dispatch as a GET request, regardless of the actual method.

Vulnerable Software & Versions: (show all)

CVE-2016-6325  

Severity: High
CVSS Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-264 Permissions, Privileges, and Access Controls

The Tomcat package on Red Hat Enterprise Linux (RHEL) 5 through 7, JBoss Web Server 3.0, and JBoss EWS 2 uses weak permissions for (1) /etc/sysconfig/tomcat and (2) /etc/tomcat/tomcat.conf, which allows local users to gain privileges by leveraging membership in the tomcat group.

Vulnerable Software & Versions:

CVE-2016-5425  

Severity: High
CVSS Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-264 Permissions, Privileges, and Access Controls

The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows local users to gain root privileges by leveraging membership in the tomcat group.

Vulnerable Software & Versions:

tomcat-embed-core-8.5.15.jar

Description: Core Tomcat implementation

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Tamara\.m2\repository\org\apache\tomcat\embed\tomcat-embed-core\8.5.15\tomcat-embed-core-8.5.15.jar
MD5: 962f629414b07cfe10972b19275eb803
SHA1: f197a93ae66212767b004fd93d7a1a8ea62bc3fa

Identifiers

CVE-2017-6056  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-19 Data Handling

It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop. The denial of service is easily achievable as a consequence of backporting a CVE-2016-6816 fix but not backporting the fix for Tomcat bug 57544. Distributions affected by this backporting issue include Debian (before 7.0.56-3+deb8u8 and 8.0.14-1+deb8u7 in jessie) and Ubuntu.

Vulnerable Software & Versions:

CVE-2016-6325  

Severity: High
CVSS Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-264 Permissions, Privileges, and Access Controls

The Tomcat package on Red Hat Enterprise Linux (RHEL) 5 through 7, JBoss Web Server 3.0, and JBoss EWS 2 uses weak permissions for (1) /etc/sysconfig/tomcat and (2) /etc/tomcat/tomcat.conf, which allows local users to gain privileges by leveraging membership in the tomcat group.

Vulnerable Software & Versions:

CVE-2016-5425  

Severity: High
CVSS Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-264 Permissions, Privileges, and Access Controls

The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows local users to gain root privileges by leveraging membership in the tomcat group.

Vulnerable Software & Versions:

tomcat-embed-el-8.5.14.jar

Description: Core Tomcat implementation

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Tamara\.m2\repository\org\apache\tomcat\embed\tomcat-embed-el\8.5.14\tomcat-embed-el-8.5.14.jar
MD5: 6d38635ee4c9b16687cd2c8f6e67a4f9
SHA1: 9e8a7cd67420d9857dbc62f84a3082c2a4b4b3eb

Identifiers

tomcat-embed-el-8.5.15.jar

Description: Core Tomcat implementation

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Tamara\.m2\repository\org\apache\tomcat\embed\tomcat-embed-el\8.5.15\tomcat-embed-el-8.5.15.jar
MD5: cc96b0e1501bdac3fdf6e94f2323ba61
SHA1: e4000e5386056eeebb43bf71e7d30c58d2473166

Identifiers

tomcat-jdbc-8.5.14.jar

Description: Tomcat JDBC Pool Package

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Tamara\.m2\repository\org\apache\tomcat\tomcat-jdbc\8.5.14\tomcat-jdbc-8.5.14.jar
MD5: 005102c347c15437bb4b63cb78d14b4b
SHA1: 1303e59a4b69dd126454132cf6f6bc2d0fbd90ec

Identifiers

tomcat-jdbc-8.5.15.jar

Description: Tomcat JDBC Pool Package

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Tamara\.m2\repository\org\apache\tomcat\tomcat-jdbc\8.5.15\tomcat-jdbc-8.5.15.jar
MD5: 360f9844d0ac2657577aad18d7ddbb3e
SHA1: 1f802a58c21283fcdff1572a390bf98ae7231ea3

Identifiers

tomcat-juli-8.5.14.jar

Description: Tomcat Core Logging Package

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Tamara\.m2\repository\org\apache\tomcat\tomcat-juli\8.5.14\tomcat-juli-8.5.14.jar
MD5: fc6328950fe10cf775ffe35690ec770c
SHA1: dbd351147d692d88107a780a932646af2258fc5d

Identifiers

tomcat-juli-8.5.15.jar

Description: Tomcat Core Logging Package

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Tamara\.m2\repository\org\apache\tomcat\tomcat-juli\8.5.15\tomcat-juli-8.5.15.jar
MD5: cdac5d6ec401c5510089f7fc42ee97ed
SHA1: b21c47750b0d0356acbbbf0c30cb36cb2268dc8d

Identifiers

xmlschema-core-2.2.1.jar

Description: Commons XMLSchema is a light weight schema object model that can be used to manipulate or generate XML schema.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Tamara\.m2\repository\org\apache\ws\xmlschema\xmlschema-core\2.2.1\xmlschema-core-2.2.1.jar
MD5: bab3d98961f361b5e66dbcdadaad1ecf
SHA1: 02eff1f3776590d4c51cc735eab2143c497329f2

Identifiers

xbean-reflect-3.4.jar

Description: XBean is a plugin based server architecture.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Tamara\.m2\repository\org\apache\xbean\xbean-reflect\3.4\xbean-reflect-3.4.jar
MD5: e618633fb6eac298a9c13b98c59b10c7
SHA1: 26fd55dceb037f4789b399b22874d74f4d2db66f

Identifiers

zookeeper-3.4.6.jar

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Tamara\.m2\repository\org\apache\zookeeper\zookeeper\3.4.6\zookeeper-3.4.6.jar
MD5: 7d01d317c717268725896cfb81b18152
SHA1: 01b2502e29da1ebaade2357cd1de35a855fa3755

Identifiers

CVE-2016-5017  

Severity: Medium
CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

Buffer overflow in the C cli shell in Apache Zookeeper before 3.4.9 and 3.5.x before 3.5.3, when using the "cmd:" batch mode syntax, allows attackers to have unspecified impact via a long command string.

Vulnerable Software & Versions: (show all)

CVE-2014-0085  

Severity: Low
CVSS Score: 2.1 (AV:L/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-255 Credentials Management

Apache Zookeeper logs cleartext admin passwords, which allows local users to obtain sensitive information by reading the log.

Vulnerable Software & Versions: (show all)

aspectjweaver-1.8.10.jar

Description: The AspectJ weaver introduces advices to java classes

License:

Eclipse Public License - v 1.0: http://www.eclipse.org/legal/epl-v10.html
File Path: C:\Users\Tamara\.m2\repository\org\aspectj\aspectjweaver\1.8.10\aspectjweaver-1.8.10.jar
MD5: 4f965cdc6a8f1731e538492a6f54a20a
SHA1: e198c5fee28988c355f74e06461614eae36b2032

Identifiers

assertj-core-2.6.0.jar

Description: Rich and fluent assertions for testing

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Tamara\.m2\repository\org\assertj\assertj-core\2.6.0\assertj-core-2.6.0.jar
MD5: 1c7a969eeb11e3dd854a6a5f417f5cf2
SHA1: b532c3fc4f66bcfee4989a3514f1cd56203a33ad

Identifiers

bcprov-jdk15on-1.54.jar

Description: The Bouncy Castle Crypto package is a Java implementation of cryptographic algorithms. This jar contains JCE provider and lightweight API for the Bouncy Castle Cryptography APIs for JDK 1.5 to JDK 1.8.

License:

Bouncy Castle Licence: http://www.bouncycastle.org/licence.html
File Path: C:\Users\Tamara\.m2\repository\org\bouncycastle\bcprov-jdk15on\1.54\bcprov-jdk15on-1.54.jar
MD5: 66a9905f98513cc5e53eabcc9af3c0fb
SHA1: 1acdedeb89f1d950d67b73d481eb7736df65eedb

Identifiers

  • cpe: cpe:/a:bouncycastle:bouncy-castle-crypto-package:1.54   Confidence:LOW   
  • cpe: cpe:/a:bouncycastle:bouncy_castle_crypto_package:1.54   Confidence:LOW   
  • maven: org.bouncycastle:bcprov-jdk15on:1.54   Confidence:HIGHEST

build-helper-maven-plugin-1.10.jar

Description: This plugin contains various small independent goals to assist with Maven build lifecycle

License:

The MIT License: http://www.opensource.org/licenses/mit-license.php
File Path: C:\Users\Tamara\.m2\repository\org\codehaus\mojo\build-helper-maven-plugin\1.10\build-helper-maven-plugin-1.10.jar
MD5: b5b521d5b9c8975cbdbef4023fbf3d8f
SHA1: 7c8364f48a35da821d679211443fc7a255866b95

Identifiers

jaxb2-maven-plugin-1.6.jar

Description: Mojo's JAXB-2 Maven plugin is used to create an object graph from XSDs based on the JAXB 2.1 implementation and to generate XSDs from JAXB annotated Java classes.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Tamara\.m2\repository\org\codehaus\mojo\jaxb2-maven-plugin\1.6\jaxb2-maven-plugin-1.6.jar
MD5: 0fdba52c9b81dbbbbd3f134c7f5e144e
SHA1: 08d75f07ac438bf52684aa517c650e7bb00bfdf3

Identifiers

xml-maven-plugin-1.0.jar

Description: A plugin for various XML related tasks like validation, transformation, and the like.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Tamara\.m2\repository\org\codehaus\mojo\xml-maven-plugin\1.0\xml-maven-plugin-1.0.jar
MD5: fc0a0b073a114830e0c54e791019b69e
SHA1: e4ad14347b48c504ea6f097155a353f8321cb51b

Identifiers

plexus-archiver-2.8.1.jar

File Path: C:\Users\Tamara\.m2\repository\org\codehaus\plexus\plexus-archiver\2.8.1\plexus-archiver-2.8.1.jar
MD5: 82e179bd11b1f06339b1f70b46ecb735
SHA1: 303776b3f932488380e34fe43b51ab1bbd717b8a

Identifiers

plexus-classworlds-2.2.2.jar

Description: A class loader framework

File Path: C:\Users\Tamara\.m2\repository\org\codehaus\plexus\plexus-classworlds\2.2.2\plexus-classworlds-2.2.2.jar
MD5: a7d552779645c1f7368fdaef3401c9cc
SHA1: 3a2bad2b58c1ca765d3f471cea8c1655d70fdfd9

Identifiers

plexus-classworlds-2.5.1.jar

Description: A class loader framework

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Tamara\.m2\repository\org\codehaus\plexus\plexus-classworlds\2.5.1\plexus-classworlds-2.5.1.jar
MD5: 68f4007be15d717d09373575278c08c1
SHA1: 98fea8e8c3fb0e8670a69ad6ea445872c9972910

Identifiers

plexus-compiler-api-1.9.1.jar

Description: Plexus Compilers component's API to manipulate compilers.

File Path: C:\Users\Tamara\.m2\repository\org\codehaus\plexus\plexus-compiler-api\1.9.1\plexus-compiler-api-1.9.1.jar
MD5: bba33a2a4446ccec027f3a3a8304dc2b
SHA1: 6615c34ced74106ee4561f76a093b59ea7fc52b9

Identifiers

plexus-compiler-api-2.2.jar

Description: Plexus Compilers component's API to manipulate compilers.

File Path: C:\Users\Tamara\.m2\repository\org\codehaus\plexus\plexus-compiler-api\2.2\plexus-compiler-api-2.2.jar
MD5: 085672a9fff1b6006f1dc6b44260a2b1
SHA1: e9fe39d3b428df50637cccd434b414192e833754

Identifiers

plexus-compiler-javac-2.2.jar

Description: Javac Compiler support for Plexus Compiler component.

File Path: C:\Users\Tamara\.m2\repository\org\codehaus\plexus\plexus-compiler-javac\2.2\plexus-compiler-javac-2.2.jar
MD5: 806ac3c657d8eae839a6a126f3c107d5
SHA1: 2f3de65bca1d5e6198d3839510a876b29af7b6fd

Identifiers

plexus-compiler-manager-2.2.jar

File Path: C:\Users\Tamara\.m2\repository\org\codehaus\plexus\plexus-compiler-manager\2.2\plexus-compiler-manager-2.2.jar
MD5: 1ac53eb22fb4c832e3b1f9d98d9db229
SHA1: e65c11400242a7a082f9f0d12ffec13dc26ab4c0

Identifiers

plexus-component-annotations-1.5.5.jar

Description:  Plexus Component "Java 5" Annotations, to describe plexus components properties in java sources with standard annotations instead of javadoc annotations.

File Path: C:\Users\Tamara\.m2\repository\org\codehaus\plexus\plexus-component-annotations\1.5.5\plexus-component-annotations-1.5.5.jar
MD5: ef37dcdb84030422db428b63c4354e5b
SHA1: c72f2660d0cbed24246ddb55d7fdc4f7374d2078

Identifiers

plexus-container-default-1.0-alpha-9-stable-1.jar

File Path: C:\Users\Tamara\.m2\repository\org\codehaus\plexus\plexus-container-default\1.0-alpha-9-stable-1\plexus-container-default-1.0-alpha-9-stable-1.jar
MD5: 99533a9d3e0fa3280cd0bd3426c5f99b
SHA1: 94aea3010e250a334d9dab7f591114cd6c767458

Identifiers

plexus-container-default-1.5.5.jar

Description:  The Plexus IoC container API and its default implementation.

File Path: C:\Users\Tamara\.m2\repository\org\codehaus\plexus\plexus-container-default\1.5.5\plexus-container-default-1.5.5.jar
MD5: 9207a5b343b0cb5d22b09f41e87fce00
SHA1: 0265fa2851d31c2e2177859a518987595efe146b

Identifiers

plexus-interactivity-api-1.0-alpha-4.jar

File Path: C:\Users\Tamara\.m2\repository\org\codehaus\plexus\plexus-interactivity-api\1.0-alpha-4\plexus-interactivity-api-1.0-alpha-4.jar
MD5: c8ce4cfd3b7b6419c00dcb780a6eb603
SHA1: 0a8f1178664a5457eef3f4531eb62f9505e1295f

Identifiers

plexus-interpolation-1.11.jar

File Path: C:\Users\Tamara\.m2\repository\org\codehaus\plexus\plexus-interpolation\1.11\plexus-interpolation-1.11.jar
MD5: d5ef768cef9a261d569ff1f672324154
SHA1: ad9dddff6043194904ad1d2c00ff1d003c3915f7

Identifiers

plexus-interpolation-1.13.jar

File Path: C:\Users\Tamara\.m2\repository\org\codehaus\plexus\plexus-interpolation\1.13\plexus-interpolation-1.13.jar
MD5: 5c73687acbbe51f07d3b563fd1c656b1
SHA1: 1740038076cec1946fd28ed5ac5c1688f7cf7630

Identifiers

plexus-interpolation-1.21.jar

File Path: C:\Users\Tamara\.m2\repository\org\codehaus\plexus\plexus-interpolation\1.21\plexus-interpolation-1.21.jar
MD5: 6629656495f4e5eac4f244fe3b252ea1
SHA1: f92de59d295f16868001644acc21720f3ec9eb15

Identifiers

plexus-io-2.3.2.jar

File Path: C:\Users\Tamara\.m2\repository\org\codehaus\plexus\plexus-io\2.3.2\plexus-io-2.3.2.jar
MD5: fa24d683566cea401900b7e6623ad47e
SHA1: 092039985681333499e44f032887b6e340816a1d

Identifiers

plexus-utils-1.5.1.jar

File Path: C:\Users\Tamara\.m2\repository\org\codehaus\plexus\plexus-utils\1.5.1\plexus-utils-1.5.1.jar
MD5: 2a666534a425add50d017d4aa06a6fca
SHA1: 342d1eb41a2bc7b52fa2e54e9872463fc86e2650

Identifiers

plexus-utils-2.0.5.jar

Description: A collection of various utility classes to ease working with strings, files, command lines, XML and more.

File Path: C:\Users\Tamara\.m2\repository\org\codehaus\plexus\plexus-utils\2.0.5\plexus-utils-2.0.5.jar
MD5: 2cdd259db323d528c7c4ee7dfb1c6d4d
SHA1: 7841ba10ea46c9611ce702c3833ff9fccc8ae6eb

Identifiers

plexus-utils-3.0.16.jar

Description: A collection of various utility classes to ease working with strings, files, command lines, XML and more.

File Path: C:\Users\Tamara\.m2\repository\org\codehaus\plexus\plexus-utils\3.0.16\plexus-utils-3.0.16.jar
MD5: 226f7eebd4492d83cf5b5a613874dad2
SHA1: c0088b2d0d7a21955a874e88612e0fd461ef5407

Identifiers

plexus-utils-3.0.20.jar

Description: A collection of various utility classes to ease working with strings, files, command lines, XML and more.

File Path: C:\Users\Tamara\.m2\repository\org\codehaus\plexus\plexus-utils\3.0.20\plexus-utils-3.0.20.jar
MD5: 938c786f2aca49b44b0cbfd39db51c5a
SHA1: e121ed37af8ee3928952f6d8a303de24e019aab0

Identifiers

stax2-api-3.1.4.jar

Description: tax2 API is an extension to basic Stax 1.0 API that adds significant new functionality, such as full-featured bi-direction validation interface and high-performance Typed Access API.

License:

The BSD License: http://www.opensource.org/licenses/bsd-license.php
File Path: C:\Users\Tamara\.m2\repository\org\codehaus\woodstox\stax2-api\3.1.4\stax2-api-3.1.4.jar
MD5: c08e89de601b0a78f941b2c29db565c3
SHA1: ac19014b1e6a7c08aad07fe114af792676b685b7

Identifiers

woodstox-core-asl-4.4.1.jar

Description: Woodstox is a high-performance XML processor that implements Stax (JSR-173) and SAX2 APIs

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Tamara\.m2\repository\org\codehaus\woodstox\woodstox-core-asl\4.4.1\woodstox-core-asl-4.4.1.jar
MD5: 1f53f91f117288fb2ef2e120f27e5498
SHA1: 84fee5eb1a4a1cefe65b6883c73b3fa83be3c1a1

Identifiers

aether-api-1.0.2.v20150114.jar

Description:  The application programming interface for the repository system.

License:

http://www.eclipse.org/legal/epl-v10.html
File Path: C:\Users\Tamara\.m2\repository\org\eclipse\aether\aether-api\1.0.2.v20150114\aether-api-1.0.2.v20150114.jar
MD5: 17cca827aa6a828de92225021df327a7
SHA1: 839f93a5213fb3e233b09bfd6d6b95669f7043c0

Identifiers

aether-impl-1.0.2.v20150114.jar

Description:  An implementation of the repository system.

License:

http://www.eclipse.org/legal/epl-v10.html
File Path: C:\Users\Tamara\.m2\repository\org\eclipse\aether\aether-impl\1.0.2.v20150114\aether-impl-1.0.2.v20150114.jar
MD5: 90c5812e3e05a2419b47edd075920c3b
SHA1: f147539e6e60dfbda9ef7f6d750066170f61b7a1

Identifiers

aether-spi-1.0.2.v20150114.jar

Description:  The service provider interface for repository system implementations and repository connectors.

License:

http://www.eclipse.org/legal/epl-v10.html
File Path: C:\Users\Tamara\.m2\repository\org\eclipse\aether\aether-spi\1.0.2.v20150114\aether-spi-1.0.2.v20150114.jar
MD5: 27c2dcac7a0cd4818874d2c14abfd34e
SHA1: 8428dfa330107984f3e3ac05cc3ebd50b2676866

Identifiers

aether-util-1.0.2.v20150114.jar

Description:  A collection of utility classes to ease usage of the repository system.

License:

http://www.eclipse.org/legal/epl-v10.html
File Path: C:\Users\Tamara\.m2\repository\org\eclipse\aether\aether-util\1.0.2.v20150114\aether-util-1.0.2.v20150114.jar
MD5: ae0f47f571109fe3b7b40a7dea085714
SHA1: d2d3c74a5210544b5cdce89a2c1d1c62835692d1

Identifiers

org.eclipse.sisu.inject-0.0.0.M5.jar

License:

http://www.eclipse.org/legal/epl-v10.html
File Path: C:\Users\Tamara\.m2\repository\org\eclipse\sisu\org.eclipse.sisu.inject\0.0.0.M5\org.eclipse.sisu.inject-0.0.0.M5.jar
MD5: 8676e5cace1cbe75966671dd6a768642
SHA1: 4f6bda3f528c60a12e70db2e7a3feee539dcc8cd

Identifiers

org.eclipse.sisu.plexus-0.0.0.M5.jar

License:

http://www.eclipse.org/legal/epl-v10.html
File Path: C:\Users\Tamara\.m2\repository\org\eclipse\sisu\org.eclipse.sisu.plexus\0.0.0.M5\org.eclipse.sisu.plexus-0.0.0.M5.jar
MD5: 0d4b01fed48a36a59a1ccc421093ccf6
SHA1: 8818cc5a4d2afde2fbc87c2a78cf1ebf5719a869

Identifiers

hamcrest-core-1.3.jar

Description:  This is the core API of hamcrest matcher framework to be used by third-party framework providers. This includes the a foundation set of matcher implementations for common operations.

File Path: C:\Users\Tamara\.m2\repository\org\hamcrest\hamcrest-core\1.3\hamcrest-core-1.3.jar
MD5: 6393363b47ddcbba82321110c3e07519
SHA1: 42a25dc3219429f0e5d060061f71acb49bf010a0

Identifiers

hamcrest-library-1.3.jar

Description:  Hamcrest library of matcher implementations.

File Path: C:\Users\Tamara\.m2\repository\org\hamcrest\hamcrest-library\1.3\hamcrest-library-1.3.jar
MD5: 110ad2ea84f7031a1798648b6b318e79
SHA1: 4785a3c21320980282f9f33d0d1264a69040538f

Identifiers

hibernate-commons-annotations-5.0.1.Final.jar

Description: Common reflection code used in support of annotation processing

License:

GNU Lesser General Public License: http://www.gnu.org/licenses/lgpl-2.1.html
File Path: C:\Users\Tamara\.m2\repository\org\hibernate\common\hibernate-commons-annotations\5.0.1.Final\hibernate-commons-annotations-5.0.1.Final.jar
MD5: 2a9d6f5a4ece96557bc4300ecc4486fb
SHA1: 71e1cff3fcb20d3b3af4f3363c3ddb24d33c6879

Identifiers

hibernate-core-5.0.12.Final.jar

Description: The core O/RM functionality as provided by Hibernate

License:

GNU Lesser General Public License: http://www.gnu.org/licenses/lgpl-2.1.html
File Path: C:\Users\Tamara\.m2\repository\org\hibernate\hibernate-core\5.0.12.Final\hibernate-core-5.0.12.Final.jar
MD5: 226c1afa3e0a7213400b0fd55d6f3b61
SHA1: e58bf1c660e6706d8e2cbb53bae110f574366102

Identifiers

hibernate-entitymanager-5.0.12.Final.jar

Description: Hibernate O/RM implementation of the JPA specification

License:

GNU Lesser General Public License: http://www.gnu.org/licenses/lgpl-2.1.html
File Path: C:\Users\Tamara\.m2\repository\org\hibernate\hibernate-entitymanager\5.0.12.Final\hibernate-entitymanager-5.0.12.Final.jar
MD5: bd685c02dd805104726721411207e885
SHA1: 302a526f5058290e9cbd719a5caf9f248d344719

Identifiers

hibernate-validator-5.3.5.Final.jar

Description: Hibernate's Bean Validation (JSR-303) reference implementation.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Tamara\.m2\repository\org\hibernate\hibernate-validator\5.3.5.Final\hibernate-validator-5.3.5.Final.jar
MD5: bd241d9104768ad5ef698d58534c0bce
SHA1: 0622a9bcef2eed6d41b5b8e0662c36212009e375

Identifiers

hibernate-jpa-2.1-api-1.0.0.Final.jar

Description: Clean-room definition of JPA APIs intended for use in developing Hibernate JPA implementation. See README.md for details

License:

Eclipse Public License (EPL), Version 1.0: http://www.eclipse.org/legal/epl-v10.html
Eclipse Distribution License (EDL), Version 1.0: http://www.eclipse.org/org/documents/edl-v10.php
File Path: C:\Users\Tamara\.m2\repository\org\hibernate\javax\persistence\hibernate-jpa-2.1-api\1.0.0.Final\hibernate-jpa-2.1-api-1.0.0.Final.jar
MD5: 01b091825023c97fdfd6d2bceebe03ff
SHA1: 5e731d961297e5a07290bfaf3db1fbc8bbbf405a

Identifiers

jasypt-1.9.2.jar

Description: Java library which enables encryption in java apps with minimum effort.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Tamara\.m2\repository\org\jasypt\jasypt\1.9.2\jasypt-1.9.2.jar
MD5: 92a13d215927d3d5fccb5487c1b13ba2
SHA1: 91eee489a389faba9fc57bfee75c87c615c19cd7

Identifiers

javassist-3.21.0-GA.jar

Description:  Javassist (JAVA programming ASSISTant) makes Java bytecode manipulation simple. It is a class library for editing bytecodes in Java.

License:

MPL 1.1: http://www.mozilla.org/MPL/MPL-1.1.html
LGPL 2.1: http://www.gnu.org/licenses/lgpl-2.1.html
Apache License 2.0: http://www.apache.org/licenses/
File Path: C:\Users\Tamara\.m2\repository\org\javassist\javassist\3.21.0-GA\javassist-3.21.0-GA.jar
MD5: 3dba2305f842c2891df0a0926e18bcfa
SHA1: 598244f595db5c5fb713731eddbb1c91a58d959b

Identifiers

jandex-2.0.0.Final.jar

Description: Parent POM for JBoss projects. Provides default project build configuration.

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Tamara\.m2\repository\org\jboss\jandex\2.0.0.Final\jandex-2.0.0.Final.jar
MD5: a76f6c70f99b5d9c6cd14180df0b6df1
SHA1: 3e899258936f94649c777193e1be846387ed54b3

Identifiers

jboss-logging-3.3.1.Final.jar

Description: The JBoss Logging Framework

License:

Apache License, version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Tamara\.m2\repository\org\jboss\logging\jboss-logging\3.3.1.Final\jboss-logging-3.3.1.Final.jar
MD5: 93cf8945ff84aaf9f0ed9a76991338fb
SHA1: c46217ab74b532568c0ed31dc599db3048bd1b67

Identifiers

jdom-1.1.jar

Description:  JDOM is, quite simply, a Java representation of an XML document. JDOM provides a way to represent that document for easy and efficient reading, manipulation, and writing. It has a straightforward API, is a lightweight and fast, and is optimized for the Java programmer. It's an alternative to DOM and SAX, although it integrates well with both DOM and SAX.

File Path: C:\Users\Tamara\.m2\repository\org\jdom\jdom\1.1\jdom-1.1.jar
MD5: adf67fc5dcf48e1593640ad7e02f6ad4
SHA1: 1d04c0f321ea337f3661cf7ede8f4c6f653a8fdd

Identifiers

mockito-core-1.10.19.jar

Description: Mock objects library for java

License:

The MIT License: http://github.com/mockito/mockito/blob/master/LICENSE
File Path: C:\Users\Tamara\.m2\repository\org\mockito\mockito-core\1.10.19\mockito-core-1.10.19.jar
MD5: c1967f0a515c4b8155f62478ec823464
SHA1: e8546f5bef4e061d8dd73895b4e8f40e3fe6effe

Identifiers

noggit-0.6.jar

Description: Noggit is the world's fastest streaming JSON parser for Java.

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Tamara\.m2\repository\org\noggit\noggit\0.6\noggit-0.6.jar
MD5: 9440bd2e9201f69b7967832de17e068c
SHA1: fa94a59c44b39ee710f3c9451750119e432326c0

Identifiers

objenesis-2.1.jar

Description: A library for instantiating Java objects

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Tamara\.m2\repository\org\objenesis\objenesis\2.1\objenesis-2.1.jar
MD5: 32ccb1d20a42b5aaaceb90c9082a2efa
SHA1: 87c0ea803b69252868d09308b4618f766f135a96

Identifiers

asm-5.0.3.jar

File Path: C:\Users\Tamara\.m2\repository\org\ow2\asm\asm\5.0.3\asm-5.0.3.jar
MD5: ccebee99fb8cdd50e1967680a2eac0ba
SHA1: dcc2193db20e19e1feca8b1240dbbc4e190824fa

Identifiers

dependency-check-maven-1.4.5.jar

Description: dependency-check-maven is a Maven Plugin that uses dependency-check-core to detect publicly disclosed vulnerabilities associated with the project's dependencies. The plugin will generate a report listing the dependency, any identified Common Platform Enumeration (CPE) identifiers, and the associated Common Vulnerability and Exposure (CVE) entries.

File Path: C:\Users\Tamara\.m2\repository\org\owasp\dependency-check-maven\1.4.5\dependency-check-maven-1.4.5.jar
MD5: d44dbd782c52e7f87c1c90bdb74d810c
SHA1: ae387c8e4c8297d3fe9cf0f1915f2cf1eb0470bf

Identifiers

jsonassert-1.4.0.jar

Description: A library to develop RESTful but flexible APIs

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Tamara\.m2\repository\org\skyscreamer\jsonassert\1.4.0\jsonassert-1.4.0.jar
MD5: 5d8b0cc1089c3dc08214f86a873d895b
SHA1: 9cdbb373a06f6513e51e8c545ee6a5e981463edb

Identifiers

jcl-over-slf4j-1.5.6.jar

Description:  JCL 1.1.1 implementation over SLF4J

File Path: C:\Users\Tamara\.m2\repository\org\slf4j\jcl-over-slf4j\1.5.6\jcl-over-slf4j-1.5.6.jar
MD5: 4ab274630492c6896f1eb88023af3c07
SHA1: 629680940b7dcb02c3904deb85992b462c42e272

Identifiers

jcl-over-slf4j-1.7.25.jar

Description: JCL 1.2 implemented over SLF4J

File Path: C:\Users\Tamara\.m2\repository\org\slf4j\jcl-over-slf4j\1.7.25\jcl-over-slf4j-1.7.25.jar
MD5: 56b22adc639b09b2e917f42d68b26600
SHA1: f8c32b13ff142a513eeb5b6330b1588dcb2c0461

Identifiers

jul-to-slf4j-1.7.25.jar

Description: JUL to SLF4J bridge

File Path: C:\Users\Tamara\.m2\repository\org\slf4j\jul-to-slf4j\1.7.25\jul-to-slf4j-1.7.25.jar
MD5: ab28124cb05fec600f2ffe37b94629e0
SHA1: 0af5364cd6679bfffb114f0dec8a157aaa283b76

Identifiers

log4j-over-slf4j-1.7.25.jar

Description: Log4j implemented over SLF4J

License:

Apache Software Licenses: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Tamara\.m2\repository\org\slf4j\log4j-over-slf4j\1.7.25\log4j-over-slf4j-1.7.25.jar
MD5: fb818c7981d842875905587a61f2b942
SHA1: a87bb47468f47ee7aabbd54f93e133d4215769c3

Identifiers

slf4j-api-1.5.6.jar

Description: The slf4j API

File Path: C:\Users\Tamara\.m2\repository\org\slf4j\slf4j-api\1.5.6\slf4j-api-1.5.6.jar
MD5: ca55c6dae5d0f9a8a829720408918586
SHA1: ec9b7142625dfa1dcaf22db99ecb7c555ffa714d

Identifiers

slf4j-api-1.7.25.jar

Description: The slf4j API

File Path: C:\Users\Tamara\.m2\repository\org\slf4j\slf4j-api\1.7.25\slf4j-api-1.7.25.jar
MD5: caafe376afb7086dcbee79f780394ca3
SHA1: da76ca59f6a57ee3102f8f9bd9cee742973efa8a

Identifiers

slf4j-jdk14-1.5.6.jar

Description:  The slf4j JDK14 binding

File Path: C:\Users\Tamara\.m2\repository\org\slf4j\slf4j-jdk14\1.5.6\slf4j-jdk14-1.5.6.jar
MD5: bca9b637bc7d0f99cd1f3dc16cb91039
SHA1: cc383fbd07dd1826bbcba1b907bbdc0b5be627f1

Identifiers

plexus-build-api-0.0.4.jar

File Path: C:\Users\Tamara\.m2\repository\org\sonatype\plexus\plexus-build-api\0.0.4\plexus-build-api-0.0.4.jar
MD5: 13d7fef2a986970e589f5ea1019dc05f
SHA1: 8fdcf45c2fad3052a51385fdfc79753d9124a1a7

Identifiers

plexus-build-api-0.0.7.jar

File Path: C:\Users\Tamara\.m2\repository\org\sonatype\plexus\plexus-build-api\0.0.7\plexus-build-api-0.0.7.jar
MD5: 49f0f8c6bdf2687e358870a4fc1559c6
SHA1: e6ba5cd4bfd8de00235af936e7f63eb24ed436e6

Identifiers

plexus-cipher-1.4.jar

File Path: C:\Users\Tamara\.m2\repository\org\sonatype\plexus\plexus-cipher\1.4\plexus-cipher-1.4.jar
MD5: 7b2d6fcf0d5800d5b1ce09d98d98dcaf
SHA1: 50ade46f23bb38cd984b4ec560c46223432aac38

Identifiers

plexus-sec-dispatcher-1.3.jar

File Path: C:\Users\Tamara\.m2\repository\org\sonatype\plexus\plexus-sec-dispatcher\1.3\plexus-sec-dispatcher-1.3.jar
MD5: 53160199f5667de3fca69b723173639b
SHA1: dedc02034fb8fcd7615d66593228cb71709134b4

Identifiers

sisu-guice-2.1.7-noaop.jar

Description: Guice trunk with some patches applied for Sisu

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Tamara\.m2\repository\org\sonatype\sisu\sisu-guice\2.1.7\sisu-guice-2.1.7-noaop.jar
MD5: f1d341b68fc25c53321eb00cf87b82b0
SHA1: 8cb56e976b8e0e7b23f2969c32bef7b830c6d6ed

Identifiers

sisu-guice-3.1.0-no_aop.jar

Description: Patched build of Guice: a lightweight dependency injection framework for Java 5 and above

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Tamara\.m2\repository\org\sonatype\sisu\sisu-guice\3.1.0\sisu-guice-3.1.0-no_aop.jar
MD5: 19f877ae736fa153a545d0cf801dcec9
SHA1: 97c87d15d749c86b2be1b9809b28321a1d926c7f

Identifiers

sisu-inject-bean-1.4.2.jar

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Tamara\.m2\repository\org\sonatype\sisu\sisu-inject-bean\1.4.2\sisu-inject-bean-1.4.2.jar
MD5: 400f9ca3cb77d34f159127769cb89e92
SHA1: 5cf37202afbaae899d63dd51b46d173df650af1b

Identifiers

sisu-inject-plexus-1.4.2.jar

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Tamara\.m2\repository\org\sonatype\sisu\sisu-inject-plexus\1.4.2\sisu-inject-plexus-1.4.2.jar
MD5: 9c1bfd74a76af0757b348554d9a1facc
SHA1: 53d863ed4879d4a43ad7aee7bc63f935cc513353

Identifiers

spring-boot-autoconfigure-1.5.3.RELEASE.jar

Description: Spring Boot AutoConfigure

File Path: C:\Users\Tamara\.m2\repository\org\springframework\boot\spring-boot-autoconfigure\1.5.3.RELEASE\spring-boot-autoconfigure-1.5.3.RELEASE.jar
MD5: ed9fd89f47a140124a5e2b6d07517dd9
SHA1: b2b4d4a704f039bf22787cc412b1dd34741821fc

Identifiers

spring-boot-autoconfigure-1.5.4.RELEASE.jar

Description: Spring Boot AutoConfigure

File Path: C:\Users\Tamara\.m2\repository\org\springframework\boot\spring-boot-autoconfigure\1.5.4.RELEASE\spring-boot-autoconfigure-1.5.4.RELEASE.jar
MD5: 03bc3a0621cf24d122079d650a9c0eb2
SHA1: 5591fa7358d950f374532c7d92dccf113ebfa1bb

Identifiers

spring-boot-devtools-1.5.4.RELEASE.jar

Description: Spring Boot Developer Tools

File Path: C:\Users\Tamara\.m2\repository\org\springframework\boot\spring-boot-devtools\1.5.4.RELEASE\spring-boot-devtools-1.5.4.RELEASE.jar
MD5: 0600dca4dcf6aefbfb0eb121dd5d0168
SHA1: a2529c5831fef1338f56bb894a2d85e195923ad6

Identifiers

spring-boot-loader-tools-1.5.4.RELEASE.jar

Description: Spring Boot Loader Tools

File Path: C:\Users\Tamara\.m2\repository\org\springframework\boot\spring-boot-loader-tools\1.5.4.RELEASE\spring-boot-loader-tools-1.5.4.RELEASE.jar
MD5: cd6c632f5f9e5d4b4aa1317f4d4ed39d
SHA1: 0067ba8d60de0aa7633e8b9a50eb11a83d69f944

Identifiers

spring-boot-loader-tools-1.5.4.RELEASE.jar: spring-boot-loader.jar

Description: Spring Boot Loader

File Path: C:\Users\Tamara\.m2\repository\org\springframework\boot\spring-boot-loader-tools\1.5.4.RELEASE\spring-boot-loader-tools-1.5.4.RELEASE.jar\META-INF\loader\spring-boot-loader.jar
MD5: fa8b54f23b4e0b2e39f382f11196caca
SHA1: dd3a8fedbe790b8696269ead179521c972608ecc

Identifiers

spring-boot-maven-plugin-1.5.3.RELEASE.jar

Description: Spring Boot Maven Plugin

File Path: C:\Users\Tamara\.m2\repository\org\springframework\boot\spring-boot-maven-plugin\1.5.3.RELEASE\spring-boot-maven-plugin-1.5.3.RELEASE.jar
MD5: f75707b9c22e3e6c9851dcd2c6b24280
SHA1: f731986a4462809c58c6c98a09658b84a17c5d97

Identifiers

spring-boot-maven-plugin-1.5.4.RELEASE.jar

Description: Spring Boot Maven Plugin

File Path: C:\Users\Tamara\.m2\repository\org\springframework\boot\spring-boot-maven-plugin\1.5.4.RELEASE\spring-boot-maven-plugin-1.5.4.RELEASE.jar
MD5: 4ab65f6a9b2777568c8e723011b567d8
SHA1: cd1d8ac8cb32f40a3da4ad87690d930afd1f43e1

Identifiers

spring-boot-starter-aop-1.5.3.RELEASE.jar

Description: Starter for aspect-oriented programming with Spring AOP and AspectJ

File Path: C:\Users\Tamara\.m2\repository\org\springframework\boot\spring-boot-starter-aop\1.5.3.RELEASE\spring-boot-starter-aop-1.5.3.RELEASE.jar
MD5: 09eb38091a05ca1cfd3e3bbd2bf2802c
SHA1: 7e75f8ddc608c7aecf944b90888a18c884178371

Identifiers

spring-boot-starter-aop-1.5.4.RELEASE.jar

Description: Starter for aspect-oriented programming with Spring AOP and AspectJ

File Path: C:\Users\Tamara\.m2\repository\org\springframework\boot\spring-boot-starter-aop\1.5.4.RELEASE\spring-boot-starter-aop-1.5.4.RELEASE.jar
MD5: 3991fdf97135ae47e59c9596cba0f7ee
SHA1: 1650672554abd364c728de5ce1aba7c28181968c

Identifiers

spring-boot-starter-data-jpa-1.5.3.RELEASE.jar

Description: Starter for using Spring Data JPA with Hibernate

File Path: C:\Users\Tamara\.m2\repository\org\springframework\boot\spring-boot-starter-data-jpa\1.5.3.RELEASE\spring-boot-starter-data-jpa-1.5.3.RELEASE.jar
MD5: b1947aa4964379985683f4ca915eafd1
SHA1: 67f1d0cc0fdeb20595c54ce3340f048fe3b6f67f

Identifiers

CVE-2016-6652  

Severity: Medium
CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

SQL injection vulnerability in Pivotal Spring Data JPA before 1.9.6 (Gosling SR6) and 1.10.x before 1.10.4 (Hopper SR4), when used with a repository that defines a String query using the @Query annotation, allows attackers to execute arbitrary JPQL commands via a sort instance with a function call.

Vulnerable Software & Versions: (show all)

spring-boot-starter-data-jpa-1.5.4.RELEASE.jar

Description: Starter for using Spring Data JPA with Hibernate

File Path: C:\Users\Tamara\.m2\repository\org\springframework\boot\spring-boot-starter-data-jpa\1.5.4.RELEASE\spring-boot-starter-data-jpa-1.5.4.RELEASE.jar
MD5: 5b50af16091032478618490e17f76d49
SHA1: 61bafdbd6d31e67b024c432de34a19b35e46c062

Identifiers

CVE-2016-6652  

Severity: Medium
CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

SQL injection vulnerability in Pivotal Spring Data JPA before 1.9.6 (Gosling SR6) and 1.10.x before 1.10.4 (Hopper SR4), when used with a repository that defines a String query using the @Query annotation, allows attackers to execute arbitrary JPQL commands via a sort instance with a function call.

Vulnerable Software & Versions: (show all)

spring-boot-starter-data-solr-1.5.4.RELEASE.jar

Description: Starter for using the Apache Solr search platform with Spring Data Solr

File Path: C:\Users\Tamara\.m2\repository\org\springframework\boot\spring-boot-starter-data-solr\1.5.4.RELEASE\spring-boot-starter-data-solr-1.5.4.RELEASE.jar
MD5: 4ac0e9bf7edf85e6e7ac2807685ecd3f
SHA1: f36965eabc75b0c000bc1196b3853ebafab222aa

Identifiers

CVE-2015-8797  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Cross-site scripting (XSS) vulnerability in webapp/web/js/scripts/plugins.js in the stats page in the Admin UI in Apache Solr before 5.3.1 allows remote attackers to inject arbitrary web script or HTML via the entry parameter to a plugins/cache URI.

Vulnerable Software & Versions:

CVE-2015-8796  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Cross-site scripting (XSS) vulnerability in webapp/web/js/scripts/schema-browser.js in the Admin UI in Apache Solr before 5.3 allows remote attackers to inject arbitrary web script or HTML via a crafted schema-browse URL.

Vulnerable Software & Versions:

CVE-2015-8795  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Multiple cross-site scripting (XSS) vulnerabilities in the Admin UI in Apache Solr before 5.1 allow remote attackers to inject arbitrary web script or HTML via crafted fields that are mishandled during the rendering of the (1) Analysis page, related to webapp/web/js/scripts/analysis.js or (2) Schema-Browser page, related to webapp/web/js/scripts/schema-browser.js.

Vulnerable Software & Versions:

CVE-2013-6408  

Severity: Medium
CVSS Score: 6.4 (AV:N/AC:L/Au:N/C:P/I:N/A:P)

The DocumentAnalysisRequestHandler in Apache Solr before 4.3.1 does not properly use the EmptyEntityResolver, which allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-6407.

Vulnerable Software & Versions: (show all)

CVE-2013-6407  

Severity: Medium
CVSS Score: 6.4 (AV:N/AC:L/Au:N/C:P/I:N/A:P)

The UpdateRequestHandler for XML in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Vulnerable Software & Versions: (show all)

CVE-2013-6397  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Directory traversal vulnerability in SolrResourceLoader in Apache Solr before 4.6 allows remote attackers to read arbitrary files via a .. (dot dot) or full pathname in the tr parameter to solr/select/, when the response writer (wt parameter) is set to XSLT. NOTE: this can be leveraged using a separate XXE (XML eXternal Entity) vulnerability to allow access to files across restricted network boundaries.

Vulnerable Software & Versions: (show all)

CVE-2012-6612  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

The (1) UpdateRequestHandler for XSLT or (2) XPathEntityProcessor in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, different vectors than CVE-2013-6407.

Vulnerable Software & Versions: (show all)

spring-boot-starter-jdbc-1.5.3.RELEASE.jar

Description: Starter for using JDBC with the Tomcat JDBC connection pool

File Path: C:\Users\Tamara\.m2\repository\org\springframework\boot\spring-boot-starter-jdbc\1.5.3.RELEASE\spring-boot-starter-jdbc-1.5.3.RELEASE.jar
MD5: a84774d638e02f02389da93edb7f69ff
SHA1: 8f1cdf7364558dd808e575c5815dd1ceaa99bcc5

Identifiers

spring-boot-starter-jdbc-1.5.4.RELEASE.jar

Description: Starter for using JDBC with the Tomcat JDBC connection pool

File Path: C:\Users\Tamara\.m2\repository\org\springframework\boot\spring-boot-starter-jdbc\1.5.4.RELEASE\spring-boot-starter-jdbc-1.5.4.RELEASE.jar
MD5: f4ca7c9862490fa320f185f640be3ebb
SHA1: 587ab04faeaeb2cbec0adf8fba68ee278d2c8764

Identifiers

spring-boot-starter-logging-1.5.3.RELEASE.jar

Description: Starter for logging using Logback. Default logging starter

File Path: C:\Users\Tamara\.m2\repository\org\springframework\boot\spring-boot-starter-logging\1.5.3.RELEASE\spring-boot-starter-logging-1.5.3.RELEASE.jar
MD5: 4fdfab90d61678a550e75ba40b2d080e
SHA1: ae7f1d938755553b228dd7a7f98aebb0a683c099

Identifiers

spring-boot-starter-logging-1.5.4.RELEASE.jar

Description: Starter for logging using Logback. Default logging starter

File Path: C:\Users\Tamara\.m2\repository\org\springframework\boot\spring-boot-starter-logging\1.5.4.RELEASE\spring-boot-starter-logging-1.5.4.RELEASE.jar
MD5: e2c9cd832a5632a8f828aa83b40715d0
SHA1: 6b4364cfee82890ce9a9c2c59066f3a6e525debd

Identifiers

spring-boot-starter-test-1.5.3.RELEASE.jar

Description: Starter for testing Spring Boot applications with libraries including JUnit, Hamcrest and Mockito

File Path: C:\Users\Tamara\.m2\repository\org\springframework\boot\spring-boot-starter-test\1.5.3.RELEASE\spring-boot-starter-test-1.5.3.RELEASE.jar
MD5: 7ef4b12d43a48dce7b86854f8de6ed82
SHA1: c04072c6637e9a7798ef152dc04581d2644b56ed

Identifiers

spring-boot-starter-test-1.5.4.RELEASE.jar

Description: Starter for testing Spring Boot applications with libraries including JUnit, Hamcrest and Mockito

File Path: C:\Users\Tamara\.m2\repository\org\springframework\boot\spring-boot-starter-test\1.5.4.RELEASE\spring-boot-starter-test-1.5.4.RELEASE.jar
MD5: eef18cfdd1f1ec6bbf64ed6624c6a546
SHA1: a764033c4be6e73310a6b12604a37c20d3bd0176

Identifiers

spring-boot-starter-tomcat-1.5.3.RELEASE.jar

Description: Starter for using Tomcat as the embedded servlet container. Default servlet container starter used by spring-boot-starter-web

File Path: C:\Users\Tamara\.m2\repository\org\springframework\boot\spring-boot-starter-tomcat\1.5.3.RELEASE\spring-boot-starter-tomcat-1.5.3.RELEASE.jar
MD5: 4c04660aad3543b38622a2f66e4591a1
SHA1: 1b71416805e0bbf6885ee65aae440adbad0afe60

Identifiers

spring-boot-starter-tomcat-1.5.4.RELEASE.jar

Description: Starter for using Tomcat as the embedded servlet container. Default servlet container starter used by spring-boot-starter-web

File Path: C:\Users\Tamara\.m2\repository\org\springframework\boot\spring-boot-starter-tomcat\1.5.4.RELEASE\spring-boot-starter-tomcat-1.5.4.RELEASE.jar
MD5: c3d5f760fff60f059d2b377158e7d0c0
SHA1: d7e26f1d0e594bd1aab7da227649fc12c1958416

Identifiers

spring-boot-starter-web-services-1.5.3.RELEASE.jar

Description: Starter for using Spring Web Services

File Path: C:\Users\Tamara\.m2\repository\org\springframework\boot\spring-boot-starter-web-services\1.5.3.RELEASE\spring-boot-starter-web-services-1.5.3.RELEASE.jar
MD5: 1bfe9a7d704cb48b7ac846463dd5e69b
SHA1: 9465d5ccc939e6fbdbb0af822f5414be7b0d4979

Identifiers

spring-boot-starter-web-services-1.5.4.RELEASE.jar

Description: Starter for using Spring Web Services

File Path: C:\Users\Tamara\.m2\repository\org\springframework\boot\spring-boot-starter-web-services\1.5.4.RELEASE\spring-boot-starter-web-services-1.5.4.RELEASE.jar
MD5: ea6bfa7d1a785fe1c921fce3acdac2a5
SHA1: 40eb6d53642bd0f16db3cc3108233646bc9044e2

Identifiers

spring-boot-starter-web-1.5.3.RELEASE.jar

Description: Starter for building web, including RESTful, applications using Spring MVC. Uses Tomcat as the default embedded container

File Path: C:\Users\Tamara\.m2\repository\org\springframework\boot\spring-boot-starter-web\1.5.3.RELEASE\spring-boot-starter-web-1.5.3.RELEASE.jar
MD5: cd4d64d2f32ae9193f5ec080fbba51a7
SHA1: 37469baf2a75a9d2230391a5038f49d4018d2bcc

Identifiers

spring-boot-starter-web-1.5.4.RELEASE.jar

Description: Starter for building web, including RESTful, applications using Spring MVC. Uses Tomcat as the default embedded container

File Path: C:\Users\Tamara\.m2\repository\org\springframework\boot\spring-boot-starter-web\1.5.4.RELEASE\spring-boot-starter-web-1.5.4.RELEASE.jar
MD5: 4543018151a8d7b3b26bc114c1be0a41
SHA1: 005d6c554f34b20dffcbdfc7edf9b80956e2dace

Identifiers

spring-boot-starter-1.5.3.RELEASE.jar

Description: Core starter, including auto-configuration support, logging and YAML

File Path: C:\Users\Tamara\.m2\repository\org\springframework\boot\spring-boot-starter\1.5.3.RELEASE\spring-boot-starter-1.5.3.RELEASE.jar
MD5: dbed0cb5ae026c536bebed50af82b417
SHA1: 03b966d5e3d422474b7af2e73ae0d371ae02718b

Identifiers

spring-boot-starter-1.5.4.RELEASE.jar

Description: Core starter, including auto-configuration support, logging and YAML

File Path: C:\Users\Tamara\.m2\repository\org\springframework\boot\spring-boot-starter\1.5.4.RELEASE\spring-boot-starter-1.5.4.RELEASE.jar
MD5: cea52c15cc8e873abf367235a94a37fe
SHA1: 74d5aa641503ddd12833c82cc19b295f9f40e8fa

Identifiers

spring-boot-test-autoconfigure-1.5.3.RELEASE.jar

Description: Spring Boot Test Auto-Configure

File Path: C:\Users\Tamara\.m2\repository\org\springframework\boot\spring-boot-test-autoconfigure\1.5.3.RELEASE\spring-boot-test-autoconfigure-1.5.3.RELEASE.jar
MD5: 09e9393f9f2316ba70df15eb64e2488e
SHA1: b0469a036d8c23f1d48e1a5bf9c0443ef2aa0fc3

Identifiers

spring-boot-test-autoconfigure-1.5.4.RELEASE.jar

Description: Spring Boot Test Auto-Configure

File Path: C:\Users\Tamara\.m2\repository\org\springframework\boot\spring-boot-test-autoconfigure\1.5.4.RELEASE\spring-boot-test-autoconfigure-1.5.4.RELEASE.jar
MD5: 2ccd6fe9bfb4b70ca0c8b824d5a06d73
SHA1: 5c751eb6cfa58c86ba4ffc4c3334faf4331d5385

Identifiers

spring-boot-test-1.5.3.RELEASE.jar

Description: Spring Boot Test

File Path: C:\Users\Tamara\.m2\repository\org\springframework\boot\spring-boot-test\1.5.3.RELEASE\spring-boot-test-1.5.3.RELEASE.jar
MD5: 9116aa5363615823c80f90902eaeebd1
SHA1: ad57d8bacb4fc147ded7c99806f8693855f5fe29

Identifiers

spring-boot-test-1.5.4.RELEASE.jar

Description: Spring Boot Test

File Path: C:\Users\Tamara\.m2\repository\org\springframework\boot\spring-boot-test\1.5.4.RELEASE\spring-boot-test-1.5.4.RELEASE.jar
MD5: 15f1f2758643aeb2631dddd4b4ce3cfc
SHA1: a7a68089a6cf35db5587029e5c163466dadf7c5b

Identifiers

spring-boot-1.5.3.RELEASE.jar

Description: Spring Boot

File Path: C:\Users\Tamara\.m2\repository\org\springframework\boot\spring-boot\1.5.3.RELEASE\spring-boot-1.5.3.RELEASE.jar
MD5: 36bbf6aff3f56046cf4f8ac9373886be
SHA1: 5fedde3489afd5dbd82f9122aaec4c9f6da3d564

Identifiers

spring-boot-1.5.4.RELEASE.jar

Description: Spring Boot

File Path: C:\Users\Tamara\.m2\repository\org\springframework\boot\spring-boot\1.5.4.RELEASE\spring-boot-1.5.4.RELEASE.jar
MD5: 1720a2ed8b2f62d318c0bb9a9d19e5bf
SHA1: 0cf51bb0751c1362a417eb59824d27d2907780d2

Identifiers

spring-data-commons-1.13.3.RELEASE.jar

File Path: C:\Users\Tamara\.m2\repository\org\springframework\data\spring-data-commons\1.13.3.RELEASE\spring-data-commons-1.13.3.RELEASE.jar
MD5: ba49322acc61dcd574f0277a3dd3fd76
SHA1: f8be49f9564b7b8736d8f1ebb55bbf4997c29514

Identifiers

spring-data-commons-1.13.4.RELEASE.jar

File Path: C:\Users\Tamara\.m2\repository\org\springframework\data\spring-data-commons\1.13.4.RELEASE\spring-data-commons-1.13.4.RELEASE.jar
MD5: bdae258cef2314600ff8fcdf45371cae
SHA1: 1a45b99bd63449ba31963237993d4a45b9f96abc

Identifiers

spring-data-jpa-1.11.3.RELEASE.jar

Description: Spring Data module for JPA repositories.

File Path: C:\Users\Tamara\.m2\repository\org\springframework\data\spring-data-jpa\1.11.3.RELEASE\spring-data-jpa-1.11.3.RELEASE.jar
MD5: b924f0004504065af93052de1bd4356b
SHA1: 32394b68dd3eb580ace408c0c8b886601cc88288

Identifiers

spring-data-jpa-1.11.4.RELEASE.jar

Description: Spring Data module for JPA repositories.

File Path: C:\Users\Tamara\.m2\repository\org\springframework\data\spring-data-jpa\1.11.4.RELEASE\spring-data-jpa-1.11.4.RELEASE.jar
MD5: f9a6ecced5bfc3dbb8f98eeab35feb1a
SHA1: 9f559debeb095fb0040102aef37e5fee2830a470

Identifiers

spring-data-solr-2.1.4.RELEASE.jar

Description: Spring Data module providing support for Apache Solr repositories.

File Path: C:\Users\Tamara\.m2\repository\org\springframework\data\spring-data-solr\2.1.4.RELEASE\spring-data-solr-2.1.4.RELEASE.jar
MD5: 8b5c6270b67720c358772443ec0b7fb5
SHA1: a3f325c470553f94778c0db53b015731b76ab499

Identifiers

spring-aop-4.3.8.RELEASE.jar

Description: Spring AOP

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0
File Path: C:\Users\Tamara\.m2\repository\org\springframework\spring-aop\4.3.8.RELEASE\spring-aop-4.3.8.RELEASE.jar
MD5: 5deeeecf0dfd3f9847818a6b1deecb7d
SHA1: 2ee7e60f8838bff13c5def48fab571ab10553e5d

Identifiers

spring-aop-4.3.9.RELEASE.jar

Description: Spring AOP

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0
File Path: C:\Users\Tamara\.m2\repository\org\springframework\spring-aop\4.3.9.RELEASE\spring-aop-4.3.9.RELEASE.jar
MD5: 32cfd593ee80cebf3d7f62b71822cefc
SHA1: 95f5f5cf3cae64266a89dc1bc9e0484425cd8358

Identifiers

spring-aspects-4.3.8.RELEASE.jar

Description: Spring Aspects

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0
File Path: C:\Users\Tamara\.m2\repository\org\springframework\spring-aspects\4.3.8.RELEASE\spring-aspects-4.3.8.RELEASE.jar
MD5: 840fac1b13468236a8f3bf7aef6c7b68
SHA1: 3db6b9e840cebde1edc08069d7edc6d03e7e682c

Identifiers

spring-aspects-4.3.9.RELEASE.jar

Description: Spring Aspects

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0
File Path: C:\Users\Tamara\.m2\repository\org\springframework\spring-aspects\4.3.9.RELEASE\spring-aspects-4.3.9.RELEASE.jar
MD5: 095c1b780f6030099cde650b6cff0d62
SHA1: 6030e253c56ff13df8c1c0e5e17c3b50e5e368b9

Identifiers

spring-beans-4.3.8.RELEASE.jar

Description: Spring Beans

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0
File Path: C:\Users\Tamara\.m2\repository\org\springframework\spring-beans\4.3.8.RELEASE\spring-beans-4.3.8.RELEASE.jar
MD5: 7c96285cc326b14a5d1aae925bf121f3
SHA1: 9d39133bb80e13d643bfefd731fe86cab3aa2bd7

Identifiers

spring-beans-4.3.9.RELEASE.jar

Description: Spring Beans

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0
File Path: C:\Users\Tamara\.m2\repository\org\springframework\spring-beans\4.3.9.RELEASE\spring-beans-4.3.9.RELEASE.jar
MD5: e0fe409de1d8103d8d24d1dd5258719a
SHA1: daa5abf3779c8cad1a2910e1ea08e4272489d8ae

Identifiers

spring-context-4.3.8.RELEASE.jar

Description: Spring Context

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0
File Path: C:\Users\Tamara\.m2\repository\org\springframework\spring-context\4.3.8.RELEASE\spring-context-4.3.8.RELEASE.jar
MD5: 7512e2be5a2ef287b6625ea13ead6c37
SHA1: 944073ac58ab78b78a7694d2c53d4ae9f634c815

Identifiers

spring-context-4.3.9.RELEASE.jar

Description: Spring Context

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0
File Path: C:\Users\Tamara\.m2\repository\org\springframework\spring-context\4.3.9.RELEASE\spring-context-4.3.9.RELEASE.jar
MD5: 252df23fde22e09e10bbf08df6c7d8bf
SHA1: a186823724f03b98becd5f93b1fa107fe6f7a7ff

Identifiers

spring-core-4.3.8.RELEASE.jar

Description: Spring Core

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0
File Path: C:\Users\Tamara\.m2\repository\org\springframework\spring-core\4.3.8.RELEASE\spring-core-4.3.8.RELEASE.jar
MD5: 6cfb77086005e125dff38f180c90f093
SHA1: cce6c251249e48f0a86aa578c2a0e262efa5a1e0

Identifiers

  • cpe: cpe:/a:pivotal:spring_framework:4.3.8   Confidence:LOW   
  • cpe: cpe:/a:pivotal_software:spring_framework:4.3.8   Confidence:LOW   
  • cpe: cpe:/a:springsource:spring_framework:4.3.8   Confidence:LOW   
  • cpe: cpe:/a:vmware:springsource_spring_framework:4.3.8   Confidence:LOW   
  • maven: org.springframework:spring-core:4.3.8.RELEASE   Confidence:HIGHEST

spring-core-4.3.9.RELEASE.jar

Description: Spring Core

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0
File Path: C:\Users\Tamara\.m2\repository\org\springframework\spring-core\4.3.9.RELEASE\spring-core-4.3.9.RELEASE.jar
MD5: 5c65d00be86f4d6ba636f7602f50f287
SHA1: 430b7298bfb85d66fb61e19ca8f06231b911e9f5

Identifiers

  • cpe: cpe:/a:pivotal:spring_framework:4.3.9   Confidence:LOW   
  • cpe: cpe:/a:pivotal_software:spring_framework:4.3.9   Confidence:LOW   
  • cpe: cpe:/a:springsource:spring_framework:4.3.9   Confidence:LOW   
  • cpe: cpe:/a:vmware:springsource_spring_framework:4.3.9   Confidence:LOW   
  • maven: org.springframework:spring-core:4.3.9.RELEASE   Confidence:HIGHEST

spring-expression-4.3.8.RELEASE.jar

Description: Spring Expression Language (SpEL)

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0
File Path: C:\Users\Tamara\.m2\repository\org\springframework\spring-expression\4.3.8.RELEASE\spring-expression-4.3.8.RELEASE.jar
MD5: 4f2642b43ef001ec3007f28fc6cd7c51
SHA1: 0204f7e241f42f46b16baa3d190752703efd7797

Identifiers

spring-expression-4.3.9.RELEASE.jar

Description: Spring Expression Language (SpEL)

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0
File Path: C:\Users\Tamara\.m2\repository\org\springframework\spring-expression\4.3.9.RELEASE\spring-expression-4.3.9.RELEASE.jar
MD5: de5be7ca2c095bb8dd12c58db9321369
SHA1: 4edca6913da9e62a6586714e053e01a61952a153

Identifiers

spring-jdbc-4.3.8.RELEASE.jar

Description: Spring JDBC

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0
File Path: C:\Users\Tamara\.m2\repository\org\springframework\spring-jdbc\4.3.8.RELEASE\spring-jdbc-4.3.8.RELEASE.jar
MD5: a1c0a06703b1382dd6dea40fb364cbcb
SHA1: 55b84eaa488b3659dae971573aad35fe6f549011

Identifiers

spring-jdbc-4.3.9.RELEASE.jar

Description: Spring JDBC

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0
File Path: C:\Users\Tamara\.m2\repository\org\springframework\spring-jdbc\4.3.9.RELEASE\spring-jdbc-4.3.9.RELEASE.jar
MD5: ef3d59b762299e7b598d30ff450bade4
SHA1: ef8476b954a4211a21147b3ae15996443a76c6f8

Identifiers

spring-orm-4.3.8.RELEASE.jar

Description: Spring Object/Relational Mapping

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0
File Path: C:\Users\Tamara\.m2\repository\org\springframework\spring-orm\4.3.8.RELEASE\spring-orm-4.3.8.RELEASE.jar
MD5: d749ea43cca9eccf9900341c45a6127e
SHA1: 347119fc607f2a6261abb253a41c85caf4cef8ad

Identifiers

spring-orm-4.3.9.RELEASE.jar

Description: Spring Object/Relational Mapping

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0
File Path: C:\Users\Tamara\.m2\repository\org\springframework\spring-orm\4.3.9.RELEASE\spring-orm-4.3.9.RELEASE.jar
MD5: 835b3f7914b7e3fd1d1b6dd70c214a21
SHA1: ea9de867a7b686744f0e0bc1ecfcc9d3844e4cd7

Identifiers

spring-oxm-4.3.8.RELEASE.jar

Description: Spring Object/XML Marshalling

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0
File Path: C:\Users\Tamara\.m2\repository\org\springframework\spring-oxm\4.3.8.RELEASE\spring-oxm-4.3.8.RELEASE.jar
MD5: 5bb9a40a20603a1499deb44a50ab4e35
SHA1: 65ba0d05277ea25e166a493508ed13b3fd7c7e10

Identifiers

spring-oxm-4.3.9.RELEASE.jar

Description: Spring Object/XML Marshalling

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0
File Path: C:\Users\Tamara\.m2\repository\org\springframework\spring-oxm\4.3.9.RELEASE\spring-oxm-4.3.9.RELEASE.jar
MD5: f4a0b8749358ae95a939dc6c44de0df8
SHA1: 73ada2015865c0aaff419c4ed28bac7257f1bc85

Identifiers

spring-test-4.3.8.RELEASE.jar

Description: Spring TestContext Framework

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0
File Path: C:\Users\Tamara\.m2\repository\org\springframework\spring-test\4.3.8.RELEASE\spring-test-4.3.8.RELEASE.jar
MD5: afa8fa874accdaf421dc0e8248f162a7
SHA1: 37e3896fb1d3fa08235224b1a7528f806de717cc

Identifiers

spring-test-4.3.9.RELEASE.jar

Description: Spring TestContext Framework

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0
File Path: C:\Users\Tamara\.m2\repository\org\springframework\spring-test\4.3.9.RELEASE\spring-test-4.3.9.RELEASE.jar
MD5: 2ac32bff532a15773babdcb88c077c19
SHA1: 35bf4c38c9245f5baeeda4bea7c41f4f33c5daf3

Identifiers

spring-tx-4.3.8.RELEASE.jar

Description: Spring Transaction

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0
File Path: C:\Users\Tamara\.m2\repository\org\springframework\spring-tx\4.3.8.RELEASE\spring-tx-4.3.8.RELEASE.jar
MD5: 9893898aca284fbf988721958ea98531
SHA1: 7d84a40ac7eb8548aa67b8a3ae89baa8a5eb39a0

Identifiers

spring-tx-4.3.9.RELEASE.jar

Description: Spring Transaction

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0
File Path: C:\Users\Tamara\.m2\repository\org\springframework\spring-tx\4.3.9.RELEASE\spring-tx-4.3.9.RELEASE.jar
MD5: dd37a3893e7157fbfa58d0e2e5fe42cd
SHA1: 7a7b1775e1e604841f8b619e110e43d9929c37ab

Identifiers

spring-web-4.3.8.RELEASE.jar

Description: Spring Web

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0
File Path: C:\Users\Tamara\.m2\repository\org\springframework\spring-web\4.3.8.RELEASE\spring-web-4.3.8.RELEASE.jar
MD5: 8832270a6cc79dece124263cbe8b1bb7
SHA1: ec1b675c2e234b0c776d36ed56c691520030026f

Identifiers

spring-web-4.3.9.RELEASE.jar

Description: Spring Web

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0
File Path: C:\Users\Tamara\.m2\repository\org\springframework\spring-web\4.3.9.RELEASE\spring-web-4.3.9.RELEASE.jar
MD5: 8eaee85146662d4c191598a9e73d59a5
SHA1: 91dae64c4280093ad5fb4736a10913c9233479c1

Identifiers

spring-webmvc-4.3.8.RELEASE.jar

Description: Spring Web MVC

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0
File Path: C:\Users\Tamara\.m2\repository\org\springframework\spring-webmvc\4.3.8.RELEASE\spring-webmvc-4.3.8.RELEASE.jar
MD5: 9b21dcf2dfc179ffcf26d3b6a0636870
SHA1: 7a00452c350de0fb80ecbcecfb8ce0145c46141e

Identifiers

spring-webmvc-4.3.9.RELEASE.jar

Description: Spring Web MVC

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0
File Path: C:\Users\Tamara\.m2\repository\org\springframework\spring-webmvc\4.3.9.RELEASE\spring-webmvc-4.3.9.RELEASE.jar
MD5: 8ef84164f769f954e8ef15ec4c5f6c35
SHA1: ca80b4a00abc388d8046bf372099f35564371c47

Identifiers

spring-ws-core-2.4.0.RELEASE.jar

Description: Spring WS Core

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Tamara\.m2\repository\org\springframework\ws\spring-ws-core\2.4.0.RELEASE\spring-ws-core-2.4.0.RELEASE.jar
MD5: 4e6805a1b0ed9a595442911792661d2e
SHA1: b4c17b5a17f14927efb389edfa0cc7f3fb0ff65b

Identifiers

spring-xml-2.4.0.RELEASE.jar

Description: Spring XML

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Tamara\.m2\repository\org\springframework\ws\spring-xml\2.4.0.RELEASE\spring-xml-2.4.0.RELEASE.jar
MD5: 3c25c380815b4407b1f4627e7765db92
SHA1: 48edff3499a74c6c0e14f27139a4cb934711d022

Identifiers

jdependency-0.7.jar

Description: This project provides an API to analyse class dependencies

License:

Apache License 2: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Tamara\.m2\repository\org\vafer\jdependency\0.7\jdependency-0.7.jar
MD5: d9a200bb2bf474a0383afd85634295dd
SHA1: 1ff888f026579c58d5b2d730ed2a0e86a36ad46d

Identifiers

snakeyaml-1.17.jar

Description: YAML 1.1 parser and emitter for Java

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Tamara\.m2\repository\org\yaml\snakeyaml\1.17\snakeyaml-1.17.jar
MD5: ab621c3cee316236ad04a6f0fe4dd17c
SHA1: 7a27ea250c5130b2922b86dea63cbb1cc10a660c

Identifiers

wsdl4j-1.6.3.jar

Description: Java stub generator for WSDL

License:

CPL: http://www.opensource.org/licenses/cpl1.0.txt
File Path: C:\Users\Tamara\.m2\repository\wsdl4j\wsdl4j\1.6.3\wsdl4j-1.6.3.jar
MD5: cfc28d89625c5e88589aec7a9aee0208
SHA1: 6d106a6845a3d3477a1560008479312888e94f2f

Identifiers

jaxb-core-2.2.7.jar\META-INF/maven/com.sun.xml.txw2/txw2/pom.xml

File Path: C:\Users\Tamara\.m2\repository\com\sun\xml\bind\jaxb-core\2.2.7\jaxb-core-2.2.7.jar\META-INF/maven/com.sun.xml.txw2/txw2/pom.xml
MD5: cf4b1041a961856b9c0a5c3846c602fe
SHA1: 145b0c8dc9d0205ea46c44a3be6c1911d4e30e81

Identifiers

  • maven: com.sun.xml.txw2:txw2:20110809   Confidence:HIGH

jaxb-xjc-2.2.7.jar\META-INF/maven/com.sun.codemodel/codemodel/pom.xml

Description: The core functionality of the CodeModel java source code generation library

File Path: C:\Users\Tamara\.m2\repository\com\sun\xml\bind\jaxb-xjc\2.2.7\jaxb-xjc-2.2.7.jar\META-INF/maven/com.sun.codemodel/codemodel/pom.xml
MD5: cb3ef5421d53f8e82462067161f2c443
SHA1: 14713e5f64df609081c58e1d3170db8c500a1f1a

Identifiers

  • maven: com.sun.codemodel:codemodel:2.6   Confidence:HIGH

jaxb-xjc-2.2.7.jar\META-INF/maven/com.sun.istack/istack-commons-tools/pom.xml

File Path: C:\Users\Tamara\.m2\repository\com\sun\xml\bind\jaxb-xjc\2.2.7\jaxb-xjc-2.2.7.jar\META-INF/maven/com.sun.istack/istack-commons-tools/pom.xml
MD5: 789273b3a18fe3379887305fcd70a8fc
SHA1: ea8643a9daf54ccb792c5312aec496add5472e48

Identifiers

  • maven: com.sun.istack:istack-commons-tools:2.16   Confidence:HIGH

jaxb-xjc-2.2.7.jar\META-INF/maven/com.sun.xml.dtd-parser/dtd-parser/pom.xml

Description: SAX-like API for parsing XML DTDs.

License:

CDDL v1.1 / GPL v2 dual license: http://glassfish.java.net/public/CDDL+GPL_1_1.html
File Path: C:\Users\Tamara\.m2\repository\com\sun\xml\bind\jaxb-xjc\2.2.7\jaxb-xjc-2.2.7.jar\META-INF/maven/com.sun.xml.dtd-parser/dtd-parser/pom.xml
MD5: 9f9d4028fcdf2317f36754dc5f07d266
SHA1: 9fbfbbb92d69781183abb5f59ba68193619917d3

Identifiers

  • maven: com.sun.xml.dtd-parser:dtd-parser:1.2-SNAPSHOT   Confidence:HIGH

jaxb-xjc-2.2.7.jar\META-INF/maven/com.sun.xsom/xsom/pom.xml

Description: XML Schema Object Model (XSOM) is a Java library that allows applications to easily parse XML Schema documents and inspect information in them. It is expected to be useful for applications that need to take XML Schema as an input.

License:

CDDL v1.1 / GPL v2 dual license: http://glassfish.java.net/public/CDDL+GPL_1_1.html
File Path: C:\Users\Tamara\.m2\repository\com\sun\xml\bind\jaxb-xjc\2.2.7\jaxb-xjc-2.2.7.jar\META-INF/maven/com.sun.xsom/xsom/pom.xml
MD5: a01a84125c88df053cf76d79da8027b8
SHA1: 276a523407961bb40c69cb9a5713ae33b2454ff4

Identifiers

  • maven: com.sun.xsom:xsom:20110809   Confidence:HIGH

jaxb-xjc-2.2.7.jar\META-INF/maven/org.kohsuke.rngom/rngom/pom.xml

Description: RNGOM is an open-source Java library for parsing RELAX NG grammars.

License:

The MIT License: http://www.opensource.org/licenses/mit-license.php
File Path: C:\Users\Tamara\.m2\repository\com\sun\xml\bind\jaxb-xjc\2.2.7\jaxb-xjc-2.2.7.jar\META-INF/maven/org.kohsuke.rngom/rngom/pom.xml
MD5: a384e4166825dc6aea901acc5be90a4c
SHA1: 5cf801bf40bfdd2925eaf6e40e6b167fd2967eb7

Identifiers

  • maven: org.kohsuke.rngom:rngom:201103-SNAPSHOT   Confidence:HIGH

maven-shared-utils-0.1.jar\META-INF/maven/commons-io/commons-io/pom.xml

Description:  The Commons IO library contains utility classes, stream implementations, file filters, file comparators, endian transformation classes, and much more.

File Path: C:\Users\Tamara\.m2\repository\org\apache\maven\shared\maven-shared-utils\0.1\maven-shared-utils-0.1.jar\META-INF/maven/commons-io/commons-io/pom.xml
MD5: 8dcc8cd4255c1f23e7f58780a943cefb
SHA1: 1ef24807b2eaf9d51b5587710878146d630cc855

Identifiers

  • maven: commons-io:commons-io:2.2   Confidence:HIGH

assertj-core-2.6.0.jar\META-INF/maven/cglib/cglib-nodep/pom.xml

File Path: C:\Users\Tamara\.m2\repository\org\assertj\assertj-core\2.6.0\assertj-core-2.6.0.jar\META-INF/maven/cglib/cglib-nodep/pom.xml
MD5: 425b3e01685d013cbc5b431afc582104
SHA1: 3d0aad1cd07c4754588acbdb8561e367e457cc1d

Identifiers

  • maven: cglib:cglib-nodep:3.2.4   Confidence:HIGH

assertj-core-2.6.0.jar\META-INF/maven/cglib/cglib/pom.xml

File Path: C:\Users\Tamara\.m2\repository\org\assertj\assertj-core\2.6.0\assertj-core-2.6.0.jar\META-INF/maven/cglib/cglib/pom.xml
MD5: 072045d2914c647e8e37e8c4b387aaf0
SHA1: 23e1de8e375b571cb6c40ef93f04578abc23dfcb

Identifiers

  • maven: cglib:cglib:3.2.4   Confidence:HIGH


This report contains data retrieved from the National Vulnerability Database.